cookidoo-api icon indicating copy to clipboard operation
cookidoo-api copied to clipboard
verified publisher icon miaucl

Bump sigstore/gh-action-sigstore-python from 3.0.1 to 3.1.0

Open dependabot[bot] opened this issue 2 months ago • 1 comments

Bumps sigstore/gh-action-sigstore-python from 3.0.1 to 3.1.0.

Release notes

Sourced from sigstore/gh-action-sigstore-python's releases.

v3.1.0

gh-action-sigstore-python is now compatible with Rekor v2 transparency log (but produced signature bundles still contain Rekor v1 entries by default).

Changed

  • The action now uses sigstore-python 4.1. All other dependencies are also updated (#220)

Fixed

  • Fixed incompatibility with Python 3.14 by upgrading dependencies (#225)

Added

  • rekor-version argument was added to control the Rekor transparency log version when signing. The default version in the gh-action-sigstore-python 3.x series will remain 1 (except when using staging: true). (#228)
Changelog

Sourced from sigstore/gh-action-sigstore-python's changelog.

[3.1.0]

gh-action-sigstore-python is now compatible with Rekor v2 transparency log (but produced signature bundles still contain Rekor v1 entries by default).

Changed

  • The action now uses sigstore-python 4.1. All other dependencies are also updated (#220)

Fixed

  • Fixed incompatibility with Python 3.14 by upgrading dependencies (#225)

Added

  • rekor-version argument was added to control the Rekor transparency log version when signing. The default version in the gh-action-sigstore-python 3.x series will remain 1 (except when using staging: true). (#228)
Commits
  • f832326 Prepare 3.1.0 release (#230)
  • 3385d3a build(deps): bump astral-sh/setup-uv in the actions group (#232)
  • 35fff1e Add rekor-version argument (#228)
  • be60bbe build(deps): bump github/codeql-action in the actions group (#231)
  • 72e7431 Actually upgrade dependencies (#225)
  • ccdc279 ci, action: address zizmor findings, bump versions (#222)
  • 709f8a4 build(deps): bump sigstore from 3.6.3 to 4.0.0 (#220)
  • 5ce4031 requirements: Include main.in contents within dev.in (#221)
  • ea888ad build(deps): bump the actions group with 3 updates (#218)
  • 17565e2 build(deps): bump the python-dependencies group with 6 updates (#219)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependabot[bot] avatar Oct 27 '25 14:10 dependabot[bot]

Codecov Report

:white_check_mark: All modified and coverable lines are covered by tests. :white_check_mark: Project coverage is 100.00%. Comparing base (36ce9fc) to head (a7307c5). :warning: Report is 8 commits behind head on master.

Additional details and impacted files 
@@            Coverage Diff            @@
##            master      #114   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            7         7           
  Lines         1269      1269           
  Branches        42        42           
=========================================
  Hits          1269      1269

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

:rocket: New features to boost your workflow:
  • :snowflake: Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

codecov[bot] avatar Oct 27 '25 14:10 codecov[bot]