mtail icon indicating copy to clipboard operation
mtail copied to clipboard
verified publisher icon google

build(deps): bump slsa-framework/slsa-verifier from 2.6.0 to 2.7.1

Open dependabot[bot] opened this issue 8 months ago • 1 comments

Bumps slsa-framework/slsa-verifier from 2.6.0 to 2.7.1.

Release notes

Sourced from slsa-framework/slsa-verifier's releases.

v2.7.1

What's Changed

New Contributors

Full Changelog: https://github.com/slsa-framework/slsa-verifier/compare/v2.7.0...v2.7.1

v2.7.1-rc.2

What's Changed

Full Changelog: https://github.com/slsa-framework/slsa-verifier/compare/v2.7.1-rc.1...v2.7.1-rc.2

v2.7.1-rc.1

What's Changed

... (truncated)

Commits
  • ea584f4 docs: add section for verify-github-attestation (#858)
  • 2950204 feat: Bazel not experimental (#850)
  • 08d54ab chore(deps): bump the npm_and_yarn group across 2 directories with 5 updates ...
  • 09889f2 chore(deps): update gcr.io/distroless/base:nonroot docker digest to 0a0dc20 (...
  • 7135755 chore(deps): update golang:1.23 docker digest to dd5cc4b (#847)
  • 4f28a95 fix: no parallel regression tests (#855)
  • 1595a06 fix(deps): update golang.org/x/exp digest to dcc06ee (#839)
  • e0b3ab7 fix(deps): update npm (#843)
  • b02ea50 chore(deps): bump the go_modules group across 1 directory with 2 updates (#853)
  • f6be75a chore(deps): bump github.com/go-jose/go-jose/v4 from 4.0.4 to 4.0.5 in the go...
  • Additional commits viewable in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

dependabot[bot] avatar Jun 30 '25 15:06 dependabot[bot]

Unit Test Results

    1 files     27 suites   9m 18s ⏱️   672 tests   670 ✅ 2 💤 0 ❌ 1 989 runs  1 983 ✅ 6 💤 0 ❌

Results for commit 1dd74bc0.

github-actions[bot] avatar Jun 30 '25 16:06 github-actions[bot]