⬆️ Bump slsa-framework/slsa-github-generator from 1.9.0 to 1.10.0

[dependabot[bot]]

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

---

Bumps slsa-framework/slsa-github-generator from 1.9.0 to 1.10.0.

Release notes

Sourced from slsa-framework/slsa-github-generator's releases.

v1.10.0

See the CHANGELOG for details.

v1.9.1

This is an un-finalized release.

See the CHANGELOG for details.

v1.9.1-rc.0

See the CHANGELOG for details.

Changelog

Sourced from slsa-framework/slsa-github-generator's changelog.

v1.10.0

Release [v1.10.0] includes bug fixes and new features.

See the full change list.

v1.10.0: TUF fix

• The cosign TUF roots were fixed (#3350). More details here.

v1.10.0: Gradle Builder

• The Gradle Builder was fixed when the project root is the same as the repository root (#2727)

v1.10.0: Go Builder

• The go-version-file input was fixed so that it can find the go.mod file (#2661)

v1.10.0: Container Generator

• A new provenance-repository input was added to allow reading provenance from a different container repository than the image itself (#2956)

Commits

• c747fe7 chore: Update ref for v1.10.0 release (#3420)
• d97d88e chore: v1.10.0-rc.0 (#3418)
• 6ff2c75 chore: Amend readme text before release (#3402)
• 2cf77fa chore: Revert "fix: remove attestation-name input and output" (#3399)
• 5c347c0 chore: ref builders at main (#3417)
• e4fc9a0 chore: fix release workflow (#3414)
• 6953299 chore: v1.9.1-rc.0 (#3413)
• a2540a1 chore: Update changelog for #3350 (#3401)
• 90f2eb1 chore: Revert "fix: upload-artifact and download-artifact v4" (#3398)
• 1fee7c6 fix: Bump Cosign to latest v2.2.3 (#3355)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov-commenter]

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 90.16%. Comparing base (e8d70d3) to head (1f9856e).

:exclamation: Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files

```diff @@ Coverage Diff @@ ## master #446 +/- ## ======================================= Coverage 90.16% 90.16% ======================================= Files 12 12 Lines 1240 1240 ======================================= Hits 1118 1118 Misses 122 122 ```

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.