build(deps): bump the all group with 2 updates

inteon · inteon · commit 7ce43a7d2702 · 2024-09-18T12:05:04.000+02:00
Bumps the all group with 2 updates: [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) and [anchore/sbom-action](https://github.com/anchore/sbom-action). Updates `sigstore/cosign-installer` from 3.2.0 to 3.6.0 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](sigstore/cosign-installer@1fc5bd3...4959ce0) Updates `anchore/sbom-action` from 0.15.0 to 0.17.2 - [Release notes](https://github.com/anchore/sbom-action/releases) - [Commits](anchore/sbom-action@fd74a6f...61119d4) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: anchore/sbom-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com>
diff --git a/.github/workflows/release-master.yml b/.github/workflows/release-master.yml
@@ -82,9 +82,9 @@ jobs:
       # See issue https://github.com/actions/checkout/issues/760
       run: git config --global --add safe.directory $GITHUB_WORKSPACE
     - name: Install cosign
-      uses: sigstore/cosign-installer@1fc5bd396d372bee37d608f955b336615edf79c8
+      uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382
     - name: Install Syft
-      uses: anchore/sbom-action/download-syft@fd74a6fb98a204a1ad35bbfae0122c1a302ff88b
+      uses: anchore/sbom-action/download-syft@61119d458adab75f756bc0b9e4bde25725f86a7a
     - uses: actions/checkout@v4
     - name: Set up QEMU
       uses: docker/setup-qemu-action@v3
