Update slsa-framework/slsa-github-generator action to v2

[renovate[bot]]

This PR contains the following updates:

Package	Type	Update	Change
slsa-framework/slsa-github-generator	action	major	v1.10.0 -> v2.0.0

---

Release Notes

slsa-framework/slsa-github-generator (slsa-framework/slsa-github-generator)

### [`v2.0.0`](https://togithub.com/slsa-framework/slsa-github-generator/blob/HEAD/CHANGELOG.md#v200) [Compare Source](https://togithub.com/slsa-framework/slsa-github-generator/compare/v1.10.0...v2.0.0) ##### v2.0.0: Breaking Change: upload-artifact and download-artifact - Our workflows now use the new `@v4`s of `actions/upload-artifact` and `actions/download-artifact`, which are incompatiblle with the prior `@v3`. See Our docs on the [generic generator](./internal/builders/generic/README.md#compatibility-with-actionsdownload-artifact) for more information and how to upgrade. ##### v2.0.0: Breaking Change: attestation-name Workflow Input and Output - `attestation-name` as a workflow input to `.github/workflows/generator_generic_slsa3.yml` is now removed. Use `provenance-name` instead. ##### v2.0.0: DSSE Rekor Type - When uploading signed provenance to the log, the entry created in the log is now a DSSE Rekor type. This fixes a bug where the current intoto type does not persist provenance signatures. The attestation will no longer be persisted in Rekor ([#​3299](https://togithub.com/slsa-framework/slsa-github-generator/issues/3299))

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• [ ] If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[cr-gpt[bot]]

Seems you are using me but didn't get OPENAI_API_KEY seted in Variables/Secrets for this repo. you could follow readme for more information

[github-actions[bot]]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
actions/slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml	2.0.0	:green_circle: 7.9	Details Check Score Reason Binary-Artifacts :green_circle: 10 no binaries found in the repo Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests :green_circle: 10 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices :green_circle: 5 badge detected: passing Code-Review :green_circle: 8 found 4 unreviewed changesets out of 30 -- score normalized to 8 Contributors :green_circle: 10 21 different organizations found -- score normalized to 10 Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Dependency-Update-Tool :green_circle: 10 update tool detected Fuzzing :warning: 0 project is not fuzzed License :green_circle: 10 license file detected Maintained :green_circle: 10 30 commit(s) out of 30 and 26 issue activity out of 30 found in the last 90 days -- score normalized to 10 Packaging :warning: -1 no published package detected Pinned-Dependencies :green_circle: 4 dependency not pinned by hash detected -- score normalized to 4 SAST :green_circle: 7 SAST tool detected but not run on all commits Security-Policy :green_circle: 10 security policy file detected Signed-Releases :green_circle: 10 26 out of 26 artifacts are signed or have provenance Token-Permissions :green_circle: 10 GitHub workflow tokens follow principle of least privilege Vulnerabilities :warning: 1 9 existing vulnerabilities detected
actions/slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml	1.10.0	:green_circle: 7.9	Details Check Score Reason Binary-Artifacts :green_circle: 10 no binaries found in the repo Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests :green_circle: 10 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices :green_circle: 5 badge detected: passing Code-Review :green_circle: 8 found 4 unreviewed changesets out of 30 -- score normalized to 8 Contributors :green_circle: 10 21 different organizations found -- score normalized to 10 Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Dependency-Update-Tool :green_circle: 10 update tool detected Fuzzing :warning: 0 project is not fuzzed License :green_circle: 10 license file detected Maintained :green_circle: 10 30 commit(s) out of 30 and 26 issue activity out of 30 found in the last 90 days -- score normalized to 10 Packaging :warning: -1 no published package detected Pinned-Dependencies :green_circle: 4 dependency not pinned by hash detected -- score normalized to 4 SAST :green_circle: 7 SAST tool detected but not run on all commits Security-Policy :green_circle: 10 security policy file detected Signed-Releases :green_circle: 10 26 out of 26 artifacts are signed or have provenance Token-Permissions :green_circle: 10 GitHub workflow tokens follow principle of least privilege Vulnerabilities :warning: 1 9 existing vulnerabilities detected

Scanned Manifest Files

.github/workflows/generator-generic-ossf-slsa3-publish.yml

• slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@2.0.0
• slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@1.10.0