chore(deps): Bump the minor-patch group across 1 directory with 8 updates

[dependabot]

Bumps the minor-patch group with 8 updates in the / directory:

Package	From	To
sigstore/cosign-installer	3.8.1	3.8.2
actions/setup-go	5.2.0	5.5.0
chainguard-dev/actions	1.0.3	1.0.9
google-github-actions/auth	2.1.8	2.1.10
github/codeql-action	3.28.15	3.28.18
mikefarah/yq	4.45.1	4.45.4
anchore/sbom-action	0.18.0	0.20.0
codecov/codecov-action	5.4.2	5.4.3

Updates sigstore/cosign-installer from 3.8.1 to 3.8.2

Release notes

Sourced from sigstore/cosign-installer's releases.

v3.8.2

What's Changed

• install cosign v2 from main in sigstore/cosign-installer#186

Full Changelog: sigstore/cosign-installer@v3...v3.8.2

Commits

• 3454372 install cosign v2 from main (#186)
• b6ee8f8 Bump actions/setup-go from 5.3.0 to 5.4.0 (#185)
• See full diff in compare view

Updates actions/setup-go from 5.2.0 to 5.5.0

Release notes

Sourced from actions/setup-go's releases.

v5.5.0

What's Changed

Bug fixes:

• Update self-hosted environment validation by @​priyagupta108 in actions/setup-go#556
• Add manifest validation and improve error handling by @​priyagupta108 in actions/setup-go#586
• Update template link by @​jsoref in actions/setup-go#527

Dependency updates:

• Upgrade @​action/cache from 4.0.2 to 4.0.3 by @​aparnajyothi-y in actions/setup-go#574
• Upgrade @​actions/glob from 0.4.0 to 0.5.0 by @​dependabot in actions/setup-go#573
• Upgrade ts-jest from 29.1.2 to 29.3.2 by @​dependabot in actions/setup-go#582
• Upgrade eslint-plugin-jest from 27.9.0 to 28.11.0 by @​dependabot in actions/setup-go#537

New Contributors

• @​jsoref made their first contribution in actions/setup-go#527

Full Changelog: actions/setup-go@v5...v5.5.0

v5.4.0

What's Changed

Dependency updates :

• Upgrade semver from 7.6.0 to 7.6.3 by @​dependabot in actions/setup-go#535
• Upgrade eslint-config-prettier from 8.10.0 to 10.0.1 by @​dependabot in actions/setup-go#536
• Upgrade @​action/cache from 4.0.0 to 4.0.2 by @​aparnajyothi-y in actions/setup-go#568
• Upgrade undici from 5.28.4 to 5.28.5 by @​dependabot in actions/setup-go#541

New Contributors

• @​aparnajyothi-y made their first contribution in actions/setup-go#568

Full Changelog: actions/setup-go@v5...v5.4.0

v5.3.0

What's Changed

• Use the new cache service: upgrade @actions/cache to ^4.0.0 by @​Link- in actions/setup-go#531
• Configure Dependabot settings by @​HarithaVattikuti in actions/setup-go#530
• Document update - permission section by @​HarithaVattikuti in actions/setup-go#533
• Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 by @​dependabot in actions/setup-go#534

New Contributors

• @​Link- made their first contribution in actions/setup-go#531

Full Changelog: actions/setup-go@v5...v5.3.0

Commits

• d35c59a chore: update discussions url (#527)
• 29694d7 Add manifest validation and improve error handling (#586)
• 78535dd Bump eslint-plugin-jest from 27.9.0 to 28.11.0 (#537)
• bb65d88 Bump ts-jest from 29.1.2 to 29.3.2 (#582)
• 7f17e83 Bump @​actions/glob from 0.4.0 to 0.5.0 (#573)
• dca8468 Update self-hosted environment validation and bump undici version (#556)
• 691cc35 upgrade actions/cache to 4.0.3 (#574)
• 0aaccfd Bump undici from 5.28.4 to 5.28.5 (#541)
• c4c1141 upgrade actions/cache to 4.0.2 (#568)
• 5a083d0 Bump eslint-config-prettier from 8.10.0 to 10.0.1 (#536)
• Additional commits viewable in compare view

Updates chainguard-dev/actions from 1.0.3 to 1.0.9

Release notes

Sourced from chainguard-dev/actions's releases.

v1.0.9

What's Changed

• Bump chainguard-dev/actions from 1.0.7 to 1.0.8 by @​dependabot in chainguard-dev/actions#549
• [StepSecurity] Apply security best practices by @​stepsecurity-app in chainguard-dev/actions#550

New Contributors

• @​stepsecurity-app made their first contribution in chainguard-dev/actions#550

Full Changelog: chainguard-dev/actions@v1.0.8...v1.0.9

v1.0.8

What's Changed

• Bump chainguard-dev/actions from 1.0.6 to 1.0.7 by @​dependabot in chainguard-dev/actions#546
• Bump actions/setup-go from 5.4.0 to 5.5.0 by @​dependabot in chainguard-dev/actions#547
• Bump actions/setup-go from 5.4.0 to 5.5.0 in /boilerplate by @​dependabot in chainguard-dev/actions#548

Full Changelog: chainguard-dev/actions@v1.0.7...v1.0.8

v1.0.7

What's Changed

• Bump chainguard-dev/actions from 1.0.5 to 1.0.6 by @​dependabot in chainguard-dev/actions#545

Full Changelog: chainguard-dev/actions@v1.0.6...v1.0.7

v1.0.6

What's Changed

• add support for k8s 1.33 in setup-kind by @​bobcallaway in chainguard-dev/actions#544
• Bump chainguard-dev/actions from 1.0.4 to 1.0.5 by @​dependabot in chainguard-dev/actions#543

New Contributors

• @​bobcallaway made their first contribution in chainguard-dev/actions#544

Full Changelog: chainguard-dev/actions@v1.0.5...v1.0.6

v1.0.5

What's Changed

• Bump chainguard-dev/actions from 1.0.3 to 1.0.4 by @​dependabot in chainguard-dev/actions#541
• Bump step-security/harden-runner from 2.11.1 to 2.12.0 by @​dependabot in chainguard-dev/actions#540
• Add 'apt-faster' action. by @​smoser in chainguard-dev/actions#542

New Contributors

• @​smoser made their first contribution in chainguard-dev/actions#542

Full Changelog: chainguard-dev/actions@v1.0.4...v1.0.5

v1.0.4

What's Changed

• Bump chainguard-dev/actions from 1.0.2 to 1.0.3 by @​dependabot in chainguard-dev/actions#539

... (truncated)

Commits

• 7d40b85 [StepSecurity] Apply security best practices (#550)
• f3c4f01 Bump chainguard-dev/actions from 1.0.7 to 1.0.8 (#549)
• ec48ea4 Bump actions/setup-go from 5.4.0 to 5.5.0 in /boilerplate (#548)
• fd8b6fb Bump actions/setup-go from 5.4.0 to 5.5.0 (#547)
• 9c0be1e Bump chainguard-dev/actions from 1.0.6 to 1.0.7 (#546)
• dd4524a Bump chainguard-dev/actions from 1.0.5 to 1.0.6 (#545)
• d9b7e22 Bump chainguard-dev/actions from 1.0.4 to 1.0.5 (#543)
• 44a12df add support for k8s 1.33 in setup-kind (#544)
• 430f14e Add 'apt-faster' action. (#542)
• 260d165 Bump step-security/harden-runner from 2.11.1 to 2.12.0 (#540)
• Additional commits viewable in compare view

Updates google-github-actions/auth from 2.1.8 to 2.1.10

Release notes

Sourced from google-github-actions/auth's releases.

v2.1.10

What's Changed

• Declare workflow permissions by @​sethvargo in google-github-actions/auth#482
• Document that the OIDC token expires in 5min by @​sethvargo in google-github-actions/auth#483
• Release: v2.1.10 by @​google-github-actions-bot in google-github-actions/auth#484

Full Changelog: google-github-actions/auth@v2.1.9...v2.1.10

v2.1.9

What's Changed

• Use our custom boolean parsing by @​sethvargo in google-github-actions/auth#478
• Update deps by @​sethvargo in google-github-actions/auth#479
• Release: v2.1.9 by @​google-github-actions-bot in google-github-actions/auth#480

Full Changelog: google-github-actions/auth@v2.1.8...v2.1.9

Commits

• ba79af0 Release: v2.1.10 (#484)
• bfaa66b Document that the OIDC token expires in 5min (#483)
• d0822ad Declare workflow permissions (#482)
• 7b53cdc Release: v2.1.9 (#480)
• a9cfddf Update deps (#479)
• b011f39 Use our custom boolean parsing (#478)
• See full diff in compare view

Updates github/codeql-action from 3.28.15 to 3.28.18

Release notes

Sourced from github/codeql-action's releases.

v3.28.18

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.18 - 16 May 2025

• Update default CodeQL bundle version to 2.21.3. #2893
• Skip validating SARIF produced by CodeQL for improved performance. #2894
• The number of threads and amount of RAM used by CodeQL can now be set via the CODEQL_THREADS and CODEQL_RAM runner environment variables. If set, these environment variables override the threads and ram inputs respectively. #2891

See the full CHANGELOG.md for more information.

v3.28.17

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.17 - 02 May 2025

• Update default CodeQL bundle version to 2.21.2. #2872

See the full CHANGELOG.md for more information.

v3.28.16

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.16 - 23 Apr 2025

• Update default CodeQL bundle version to 2.21.1. #2863

See the full CHANGELOG.md for more information.

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

3.28.18 - 16 May 2025

• Update default CodeQL bundle version to 2.21.3. #2893
• Skip validating SARIF produced by CodeQL for improved performance. #2894
• The number of threads and amount of RAM used by CodeQL can now be set via the CODEQL_THREADS and CODEQL_RAM runner environment variables. If set, these environment variables override the threads and ram inputs respectively. #2891

3.28.17 - 02 May 2025

• Update default CodeQL bundle version to 2.21.2. #2872

3.28.16 - 23 Apr 2025

• Update default CodeQL bundle version to 2.21.1. #2863

3.28.15 - 07 Apr 2025

• Fix bug where the action would fail if it tried to produce a debug artifact with more than 65535 files. #2842

3.28.14 - 07 Apr 2025

• Update default CodeQL bundle version to 2.21.0. #2838

3.28.13 - 24 Mar 2025

No user facing changes.

3.28.12 - 19 Mar 2025

• Dependency caching should now cache more dependencies for Java build-mode: none extractions. This should speed up workflows and avoid inconsistent alerts in some cases.
• Update default CodeQL bundle version to 2.20.7. #2810

3.28.11 - 07 Mar 2025

• Update default CodeQL bundle version to 2.20.6. #2793

3.28.10 - 21 Feb 2025

• Update default CodeQL bundle version to 2.20.5. #2772
• Address an issue where the CodeQL Bundle would occasionally fail to decompress on macOS. #2768

3.28.9 - 07 Feb 2025

... (truncated)

Commits

• ff0a06e Merge pull request #2896 from github/update-v3.28.18-b86edfc27
• a41e084 Update changelog for v3.28.18
• b86edfc Merge pull request #2893 from github/update-bundle/codeql-bundle-v2.21.3
• e93b900 Merge branch 'main' into update-bundle/codeql-bundle-v2.21.3
• 510dfa3 Merge pull request #2894 from github/henrymercer/skip-validating-codeql-sarif
• 492d783 Merge branch 'main' into henrymercer/skip-validating-codeql-sarif
• 83bdf3b Merge pull request #2859 from github/update-supported-enterprise-server-versions
• cffc916 Merge pull request #2891 from austinpray-mixpanel/patch-1
• 4420887 Add deprecation warning for CodeQL 2.16.5 and earlier
• 4e178c5 Update supported versions table in README
• Additional commits viewable in compare view

Updates mikefarah/yq from 4.45.1 to 4.45.4

Release notes

Sourced from mikefarah/yq's releases.

v4.45.4 - Fixing wrong map() behaviour on empty map

• Fixing wrong map() behaviour on empty map #2359
• Bumped dependencies

v4.45.3 - Fixes regression bug(s)

• Fixing regression (#2353, #2359, #2325) introduced with in 4.45.2 with #2325 fix
• Bumped dependencies

Sorry for the regression folks! 😓 fwiw I have since added automated tests to capture the scenarios provided in the regression bug tickets

v4.45.2

• Added windows arm builds (Thanks @​albertocavalcante, @​ShukantPal)
• Added s390x platform support (Thanks @​ashokpariya0)
• Additionally push docker images to ghcr.io (Thanks @​reegnz)
• Fixing add when there is no node match #2325
• sort_by works on maps
• Bumped dependencies

Changelog

Sourced from mikefarah/yq's changelog.

4.45.4:

• Fixing wrong map() behaviour on empty map #2359
• Bumped dependencies

4.45.3:

• Fixing regression introduced with in 4.45.2 with #2325 fix 😓 sorry folks!
• Bumped dependencies

4.45.2:

• Added windows arm builds (Thanks @​albertocavalcante, @​ShukantPal)
• Added s390x platform support (Thanks @​ashokpariya0)
• Additionally push docker images to ghcr.io (Thanks @​reegnz)
• Fixing add when there is no node match #2325
• sort_by works on maps
• Bumped dependencies

4.45.1:

• Create parent directories when --split-exp is used, Thanks @​rudo-thomas
• Bumped dependencies

4.44.6:

• Fixed deleting items in array bug #2027, #2172; Thanks @​jandubois
• Docker image for armv7 / raspberry pi3, Thanks @​brianegge
• Fixed no-colors regression #2218
• Fixed various panic scenarios #2211
• Bumped dependencies

4.44.5:

• Fixing release pipeline

4.44.4:

• Format comments with a gray foreground (Thanks @​gabe565)
• Fixed handling of nulls with sort_by expressions #2164
• Force no color output when NO_COLOR env presents (Thanks @​narqo)
• Fixed array subtraction update bug #2159
• Fixed index out of range error
• Can traverse straight from parent operator (parent.blah)
• Bumped dependencies

4.44.3:

• Fixed upper-case file extension detection, Thanks @​ryenus (#2121)
• Log printing follow no-colors flag #2082
• Skip and warn when interpolating strings and theres a unclosed bracket #2083
• Fixed CSV content starting with # issue #2076
• Bumped dependencies

4.44.2:

• Handle numbers with underscores #2039
• Unique now works on maps and arrays #2068
• Added support for short hand splat with env[] expression #2071,

... (truncated)

Commits

• b534aa9 Bumping version
• 39a65b6 Updating release notes
• 1e3006e Removing old issue template
• 22949df Fixing running map against empty array bug #2359
• 734e2cd Bumping version
• 082b76a Preparing release notes
• 5bc2cd0 Bumping golang version
• 20407a0 Adding more tests to prevent regression again :sweat
• 0a83da6 Bump github.com/pelletier/go-toml/v2 from 2.2.3 to 2.2.4
• 77da8b7 Bump golang from 1.24.2 to 1.24.3
• Additional commits viewable in compare view

Updates anchore/sbom-action from 0.18.0 to 0.20.0

Release notes

Sourced from anchore/sbom-action's releases.

v0.20.0

Changes in v0.20.0

• chore(deps): update Syft to v1.24.0 (#522)

v0.19.0

Changes in v0.19.0

• chore(deps): update Syft to v1.23.0 (#521)
• chore(deps): bump peter-evans/create-pull-request from 7.0.6 to 7.0.8 (#519)
• chore(deps): bump cross-spawn (#514)

Commits

• e11c554 chore(deps): update Syft to v1.24.0 (#522)
• 9f73021 chore(deps): update Syft to v1.23.0 (#521)
• a669da5 chore(deps): update Syft to v1.22.0 (#517)
• 5aeee89 chore(deps): bump peter-evans/create-pull-request from 7.0.6 to 7.0.8 (#519)
• 79202ae chore(deps): bump cross-spawn (#514)
• See full diff in compare view

Updates codecov/codecov-action from 5.4.2 to 5.4.3

Release notes

Sourced from codecov/codecov-action's releases.

v5.4.3

What's Changed

• fix: OIDC on forks by @​joseph-sentry in codecov/codecov-action#1823
• build(deps): bump github/codeql-action from 3.28.13 to 3.28.17 by @​dependabot in codecov/codecov-action#1822
• chore(release): 5.4.3 by @​thomasrockhu-codecov in codecov/codecov-action#1827

Full Changelog: codecov/codecov-action@v5.4.2...v5.4.3

Changelog

Sourced from codecov/codecov-action's changelog.

v5.4.3

What's Changed

• build(deps): bump github/codeql-action from 3.28.13 to 3.28.17 by @​app/dependabot in codecov/codecov-action#1822
• fix: OIDC on forks by @​joseph-sentry in codecov/codecov-action#1823

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.2..v5.4.3

v5.4.2

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.1..v5.4.2

v5.4.1

What's Changed

• fix: use the github core methods by @​thomasrockhu-codecov in codecov/codecov-action#1807
• build(deps): bump github/codeql-action from 3.28.12 to 3.28.13 by @​app/dependabot in codecov/codecov-action#1803
• build(deps): bump github/codeql-action from 3.28.11 to 3.28.12 by @​app/dependabot in codecov/codecov-action#1797
• build(deps): bump actions/upload-artifact from 4.6.1 to 4.6.2 by @​app/dependabot in codecov/codecov-action#1798
• chore(release): wrapper -0.2.1 by @​app/codecov-releaser-app in codecov/codecov-action#1788
• build(deps): bump github/codeql-action from 3.28.10 to 3.28.11 by @​app/dependabot in codecov/codecov-action#1786

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.0..v5.4.1

v5.4.0

What's Changed

• update wrapper submodule to 0.2.0, add recurse_submodules arg by @​matt-codecov in codecov/codecov-action#1780
• build(deps): bump actions/upload-artifact from 4.6.0 to 4.6.1 by @​app/dependabot in codecov/codecov-action#1775
• build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1 by @​app/dependabot in codecov/codecov-action#1776
• build(deps): bump github/codeql-action from 3.28.9 to 3.28.10 by @​app/dependabot in codecov/codecov-action#1777
• Clarify in README that use_pypi bypasses integrity checks too by @​webknjaz in codecov/codecov-action#1773
• Fix use of safe.directory inside containers by @​Flamefire in codecov/codecov-action#1768
• Fix description for report_type input by @​craigscott-crascit in codecov/codecov-action#1770
• build(deps): bump github/codeql-action from 3.28.8 to 3.28.9 by @​app/dependabot in codecov/codecov-action#1765
• Fix a typo in the example by @​miranska in codecov/codecov-action#1758
• build(deps): bump github/codeql-action from 3.28.5 to 3.28.8 by @​app/dependabot in codecov/codecov-action#1757
• build(deps): bump github/codeql-action from 3.28.1 to 3.28.5 by @​app/dependabot in codecov/codecov-action#1753

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.3.1..v5.4.0

... (truncated)

Commits

• 18283e0 chore(release): 5.4.3 (#1827)
• 525fcbf build(deps): bump github/codeql-action from 3.28.13 to 3.28.17 (#1822)
• b203f00 fix: OIDC on forks (#1823)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.