Bump the ci group with 2 updates

[dependabot[bot]]

Bumps the ci group with 2 updates: reproducible-containers/buildkit-cache-dance and sigstore/cosign-installer.

Updates reproducible-containers/buildkit-cache-dance from 2 to 3

Release notes

Sourced from reproducible-containers/buildkit-cache-dance's releases.

v3.0.0

Rewrote the action in TypeScript and adds support for cache-map that gets a string of files that need to be injected as a JSON string. This makes it possible to inject multiple directories in one call and simplifies the usage.

This release also makes it possible to run the script outside GitHub Actions in other CI platforms or locally using command line arguments.

Thanks to @​aminya (#25)

---

What's Changed

• add skip-extraction option to example on README by @​henryjw in reproducible-containers/buildkit-cache-dance#20
• feat: reimplement read-action-input in bash instead of node by @​NgoKimPhu in reproducible-containers/buildkit-cache-dance#22
• feat!: rewrite in TypeScript with CacheMap support by @​aminya in reproducible-containers/buildkit-cache-dance#25

New Contributors

• @​NgoKimPhu made their first contribution in reproducible-containers/buildkit-cache-dance#22
• @​aminya made their first contribution in reproducible-containers/buildkit-cache-dance#25

Full Changelog: https://github.com/reproducible-containers/buildkit-cache-dance/compare/v2.1.4...v3.0.0

v2.1.4

What's Changed

• Option to skip extract step by @​henryjw in reproducible-containers/buildkit-cache-dance#19

New Contributors

• @​henryjw made their first contribution in reproducible-containers/buildkit-cache-dance#19

Full Changelog: https://github.com/reproducible-containers/buildkit-cache-dance/compare/v2.1.3...v2.1.4

v2.1.3

What's Changed

• README.md: update by @​AkihiroSuda in reproducible-containers/buildkit-cache-dance#8
• increase node version of action by @​shyim in reproducible-containers/buildkit-cache-dance#14
• v2.1.3 by @​AkihiroSuda in reproducible-containers/buildkit-cache-dance#15

New Contributors

• @​shyim made their first contribution in reproducible-containers/buildkit-cache-dance#14

Full Changelog: https://github.com/reproducible-containers/buildkit-cache-dance/compare/v2.1.2...v2.1.3

v2.1.2

What's Changed

• v2.1.2 (GA) by @​AkihiroSuda in reproducible-containers/buildkit-cache-dance#7

Full Changelog: https://github.com/reproducible-containers/buildkit-cache-dance/compare/v2.1.1...v2.1.2

v2.1.1

What's Changed

• entrypoint.js: fix script path by @​AkihiroSuda in reproducible-containers/buildkit-cache-dance#5

... (truncated)

Commits

• 5de31fc Merge pull request #28 from aminya/support-cache-props
• 2a1e987 test: add tests for run functions
• d2e9ac7 test: add unit tests for the opts functions
• 969118a fix: add defaults for the missing actions options
• cfc6f5e docs: update the version to v3.1.0
• 2df8be0 test: test the id option for var/cache/apt
• 43a181d feat: support arbitrary mount options for each cache
• 8da9ff0 Merge pull request #27 from aminya/ignore-cleanup
• f182ab1 fix: ignore clean-up errors
• 0fc239d Merge pull request #25 from aminya/rewrite
• Additional commits viewable in compare view

Updates sigstore/cosign-installer from 3.4.0 to 3.5.0

Release notes

Sourced from sigstore/cosign-installer's releases.

v3.5.0

What's Changed

• Bump actions/checkout from 4.1.1 to 4.1.2 by @​dependabot in sigstore/cosign-installer#157
• use go 1.22 now by @​bobcallaway in sigstore/cosign-installer#160
• bump default version to v2.2.4, prep for v3.5.0 release by @​bobcallaway in sigstore/cosign-installer#159

Full Changelog: https://github.com/sigstore/cosign-installer/compare/v3.4.0...v3.5.0

Commits

• 59acb62 bump default version to v2.2.4, prep for v3.5.0 release (#159)
• 22be4ce use go 1.22 now (#160)
• 162dfdf Bump actions/checkout from 4.1.1 to 4.1.2 (#157)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions

[github-actions[bot]]

Mend Scan Summary: :x:

Repository: open-component-model/ocm

VIOLATION DESCRIPTION	NUMBER OF VIOLATIONS
HIGH/CRITICAL SECURITY VULNERABILITIES	0
MAJOR UPDATES AVAILABLE	0
LICENSE REQUIRES REVIEW	2
HIGH RISK LICENSES	9
RESTRICTIED LICENSE FOR ON-PREMISE DELIVERY	0

Detailed Logs: mend-scan-> Generate Report Mend UI

[ocmbot[bot]]

Integration Tests for 4a026dee1b4622715e4ca089e60f4d966731695b run with result: Success ✅!