Bump sigstore/gh-action-sigstore-python from 3.0.0 to 3.0.1 (#11237)

dependabot[bot] · web-flow · commit a5aa198ae72e · 2025-06-23T12:06:12.000Z
Bumps [sigstore/gh-action-sigstore-python](https://github.com/sigstore/gh-action-sigstore-python) from 3.0.0 to 3.0.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sigstore/gh-action-sigstore-python/releases">sigstore/gh-action-sigstore-python's releases</a>.</em></p> <blockquote> <h2>v3.0.1</h2> <h3>Changed</h3> <ul> <li>The minimum Python version supported by this action is now 3.9 (<a href="https://redirect.github.com/sigstore/gh-action-sigstore-python/pull/155">#155</a>)</li> <li>The action's Python dependencies are now fully pinned to specific versions (<a href="https://redirect.github.com/sigstore/gh-action-sigstore-python/pull/165">#165</a>)</li> </ul> <h3>Fixed</h3> <ul> <li>The <code>rfc3161-client</code> dependency has been upgraded to <code>1.0.3</code> to resolve a security vulnerability (<a href="https://redirect.github.com/sigstore/gh-action-sigstore-python/pull/182">#182</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/sigstore/gh-action-sigstore-python/blob/main/CHANGELOG.md">sigstore/gh-action-sigstore-python's changelog</a>.</em></p> <blockquote> <h2>[3.0.1]</h2> <h3>Changed</h3> <ul> <li>The minimum Python version supported by this action is now 3.9 (<a href="https://redirect.github.com/sigstore/gh-action-sigstore-python/pull/155">#155</a>)</li> <li>The action's Python dependencies are now fully pinned to specific versions (<a href="https://redirect.github.com/sigstore/gh-action-sigstore-python/pull/165">#165</a>)</li> </ul> <h3>Fixed</h3> <ul> <li>The <code>rfc3161-client</code> dependency has been upgrades to <code>1.0.3</code> to resolve a security vulnerability (<a href="https://redirect.github.com/sigstore/gh-action-sigstore-python/pull/182">#182</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/sigstore/gh-action-sigstore-python/commit/f7ad0af51a5648d09a20d00370f0a91c3bdf8f84"><code>f7ad0af</code></a> chore: prep 3.0.1 (<a href="https://redirect.github.com/sigstore/gh-action-sigstore-python/issues/183">#183</a>)</li> <li><a href="https://github.com/sigstore/gh-action-sigstore-python/commit/7dad330b7cc00877fda38e8ac56c7d69e20bd080"><code>7dad330</code></a> build(deps): bump rfc3161-client from 1.0.2 to 1.0.3 in /requirements (<a href="https://redirect.github.com/sigstore/gh-action-sigstore-python/issues/182">#182</a>)</li> <li><a href="https://github.com/sigstore/gh-action-sigstore-python/commit/deae7b09039836f94c5a183a266f8cd31bd769a6"><code>deae7b0</code></a> build(deps): bump astral-sh/setup-uv in the actions group (<a href="https://redirect.github.com/sigstore/gh-action-sigstore-python/issues/181">#181</a>)</li> <li><a href="https://github.com/sigstore/gh-action-sigstore-python/commit/f38fa95e2fe947a0827cf83585e9cd65f6107d5a"><code>f38fa95</code></a> build(deps): bump urllib3 from 2.4.0 to 2.5.0 in /requirements (<a href="https://redirect.github.com/sigstore/gh-action-sigstore-python/issues/180">#180</a>)</li> <li><a href="https://github.com/sigstore/gh-action-sigstore-python/commit/6409abb6b6aa159c173b7ccfc47078bec5735676"><code>6409abb</code></a> build(deps): bump the actions group with 2 updates (<a href="https://redirect.github.com/sigstore/gh-action-sigstore-python/issues/178">#178</a>)</li> <li><a href="https://github.com/sigstore/gh-action-sigstore-python/commit/d7c8f99cb60c12cfbcea09cfb344ed5a108c84b6"><code>d7c8f99</code></a> build(deps): bump softprops/action-gh-release in the actions group (<a href="https://redirect.github.com/sigstore/gh-action-sigstore-python/issues/177">#177</a>)</li> <li><a href="https://github.com/sigstore/gh-action-sigstore-python/commit/e346064a371a9668bb0943cbbfd9d285feabfd06"><code>e346064</code></a> build(deps): bump requests from 2.32.3 to 2.32.4 in /requirements (<a href="https://redirect.github.com/sigstore/gh-action-sigstore-python/issues/176">#176</a>)</li> <li><a href="https://github.com/sigstore/gh-action-sigstore-python/commit/cbd4d80b10f2b708b7be83cdf2318a15ae9cf632"><code>cbd4d80</code></a> Update Python dependencies (<a href="https://redirect.github.com/sigstore/gh-action-sigstore-python/issues/174">#174</a>)</li> <li><a href="https://github.com/sigstore/gh-action-sigstore-python/commit/250d1740e0d24c4565c8a5b94f10a952e06e9063"><code>250d174</code></a> build(deps): bump github/codeql-action in the actions group (<a href="https://redirect.github.com/sigstore/gh-action-sigstore-python/issues/172">#172</a>)</li> <li><a href="https://github.com/sigstore/gh-action-sigstore-python/commit/42bbcff08f93bc51a1e4b48a19b633ab975d10a6"><code>42bbcff</code></a> build(deps): bump astral-sh/setup-uv in the actions group (<a href="https://redirect.github.com/sigstore/gh-action-sigstore-python/issues/171">#171</a>)</li> <li>Additional commits viewable in <a href="https://github.com/sigstore/gh-action-sigstore-python/compare/v3.0.0...v3.0.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=sigstore/gh-action-sigstore-python&package-manager=github_actions&previous-version=3.0.0&new-version=3.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
@@ -503,7 +503,7 @@ jobs:
       uses: pypa/gh-action-pypi-publish@release/v1
 
     - name: Sign the dists with Sigstore
-      uses: sigstore/gh-action-sigstore-python@v3.0.0
+      uses: sigstore/gh-action-sigstore-python@v3.0.1
       with:
         inputs: >-
           ./dist/*.tar.gz
