Bump philips-labs/slsa-provenance-action from 0.8.0 to 0.9.0

[dependabot[bot]]

Bumps philips-labs/slsa-provenance-action from 0.8.0 to 0.9.0.

Release notes

Sourced from philips-labs/slsa-provenance-action's releases.

v0.9.0

Changelog

• 3746bf21da78866632dea85cfd2cb90fcdfe3fd7: :arrow_up: Bump actions/cache from 3.0.4 to 3.0.5 (@​dependabot[bot])
• 310f33257a79566a610a08bf18880e87c38615e6: :arrow_up: Bump actions/cache from 3.0.5 to 3.0.6 (@​dependabot[bot])
• 7058b58e4164511374cca4b10ba0b9bdb3571513: :arrow_up: Bump actions/checkout from 3.0.2 to 3.1.0 (@​dependabot[bot])
• b2d766f9392b31045bce16a9a2eb67b8c1d43ee6: :arrow_up: Bump actions/checkout from 3.1.0 to 3.2.0 (@​dependabot[bot])
• 8670b4766a05f3c2672f5523f1a14db7893454f2: :arrow_up: Bump actions/checkout from 3.2.0 to 3.3.0 (@​dependabot[bot])
• d5c9345a1af6dbc4f8984fcc40cb7d3ca9f3d2e8: :arrow_up: Bump actions/checkout from 3.3.0 to 3.4.0 (@​dependabot[bot])
• a87ddb85d6cd559baa8909b509774ef05a834cd1: :arrow_up: Bump actions/checkout from 3.4.0 to 3.5.0 (@​dependabot[bot])
• 88a1a09d8e290f9631ed0f2724b8b32c7eff1bbb: :arrow_up: Bump actions/checkout from 3.5.0 to 3.5.3 (@​dependabot[bot])
• 0c00dd624b3f06c00fe49a623a969d88bb22cf52: :arrow_up: Bump actions/checkout from 3.5.3 to 3.6.0 (@​dependabot[bot])
• 56cf398ee05a80a11b88533b4114c5dceb129283: :arrow_up: Bump actions/checkout from 3.6.0 to 4.0.0 (@​dependabot[bot])
• d6faf430a8020f6c337195c0f2556fc61b3a1f43: :arrow_up: Bump actions/checkout from 4.0.0 to 4.1.0 (@​dependabot[bot])
• 5dfb6a6934fea890e64111769ce5d2cb8226f867: :arrow_up: Bump actions/checkout from 4.1.0 to 4.1.1 (@​dependabot[bot])
• 97f73bfd8bc805171bbf32f660e7beef44fe982f: :arrow_up: Bump actions/download-artifact from 3.0.0 to 3.0.1 (@​dependabot[bot])
• 0c57f5cfa35d2b207f532f78a29ccbfed73e6383: :arrow_up: Bump actions/download-artifact from 3.0.1 to 3.0.2 (@​dependabot[bot])
• ed7a5bd7ecfd88e44ed04dcf1f752eba72680b0c: :arrow_up: Bump actions/setup-go from 3.2.0 to 3.2.1 (@​dependabot[bot])
• eaff0a164e9613a1e03f31348c77600fb1b7c145: :arrow_up: Bump actions/setup-go from 3.2.1 to 3.3.0 (@​dependabot[bot])
• 3a09484a251f99573d698c698bf6bc3765fceed9: :arrow_up: Bump actions/setup-go from 3.3.0 to 3.3.1 (@​dependabot[bot])
• b9db5d5bde3eba33d217e3e11b3ebf2eeba43ae5: :arrow_up: Bump actions/setup-go from 3.3.1 to 3.4.0 (@​dependabot[bot])
• e27f4f2ef0409962e72c92b881bd7eb9867e5c4e: :arrow_up: Bump actions/setup-go from 3.4.0 to 3.5.0 (@​dependabot[bot])
• 62876c171167eabea7bbd08a7895bd4e5553dd01: :arrow_up: Bump actions/setup-go from 3.5.0 to 4.0.0 (@​dependabot[bot])
• 9631940278fe5047b8243bacca5203700dd381ad: :arrow_up: Bump actions/setup-go from 4.0.0 to 4.0.1 (@​dependabot[bot])
• 85046cc56f363272f51b6cebec034f8777298d66: :arrow_up: Bump actions/setup-go from 4.0.1 to 4.1.0 (@​dependabot[bot])
• cc7d74cef19835de03a461d56963177e327baa93: :arrow_up: Bump actions/setup-go from 4.1.0 to 5.0.0 (@​dependabot[bot])
• 08b4d8723a09a85210e27382f1649ba8744bd4d6: :arrow_up: Bump actions/upload-artifact from 3.1.0 to 3.1.1 (@​dependabot[bot])
• 70437b3b7091141c0a943120f02de4e4b39b6b94: :arrow_up: Bump actions/upload-artifact from 3.1.1 to 3.1.2 (@​dependabot[bot])
• f0c324d0472ba9707f97f7536777f77e0b25e51b: :arrow_up: Bump actions/upload-artifact from 3.1.2 to 3.1.3 (@​dependabot[bot])
• 35eca785b6ae94a819bd6a5ee87ef3b4aee8f060: :arrow_up: Bump anchore/sbom-action from 0.11.0 to 0.12.0 (@​dependabot[bot])
• fb57b1f9eb184759aa6e2a7db68dac920399510d: :arrow_up: Bump anchore/sbom-action from 0.12.0 to 0.13.0 (@​dependabot[bot])
• 194d93732f7102b3ca3b00c9e761d14c4416a1b2: :arrow_up: Bump anchore/sbom-action from 0.13.0 to 0.13.1 (@​dependabot[bot])
• adf3a8a3d8c4d1098dfcfdf40770662460886ea3: :arrow_up: Bump anchore/sbom-action from 0.13.1 to 0.13.3 (@​dependabot[bot])
• b9347b1c185a6eab587241bfb7f9984b38b17a4b: :arrow_up: Bump anchore/sbom-action from 0.13.3 to 0.13.4 (@​dependabot[bot])
• 4aaf6a12b6047b8d81af42eab6f691a16be21bea: :arrow_up: Bump anchore/sbom-action from 0.13.4 to 0.14.2 (@​dependabot[bot])
• f188a892c2ef5c366a2c23223d18db50176930b4: :arrow_up: Bump anchore/sbom-action from 0.14.2 to 0.14.3 (@​dependabot[bot])
• bf784fdd4c3244bf7e82d4bfbf275db67ce0806b: :arrow_up: Bump anchore/sbom-action from 0.14.3 to 0.15.0 (@​dependabot[bot])
• 8e383f891e95cb4aac270aa1cd7de301fd34219a: :arrow_up: Bump anchore/sbom-action from 0.15.0 to 0.15.1 (@​dependabot[bot])
• 0f36c5241670f3766a4564139399479a8df22624: :arrow_up: Bump codecov/codecov-action from 3.1.0 to 3.1.1 (@​dependabot[bot])
• bb600c5c8c3626e4529e52b390df9ced5c3888fa: :arrow_up: Bump codecov/codecov-action from 3.1.1 to 3.1.2 (@​dependabot[bot])
• b86f4e94a0910186007f8a1133c3e3361c839442: :arrow_up: Bump codecov/codecov-action from 3.1.2 to 3.1.3 (@​dependabot[bot])
• 450643d08b239ba1516fb641b3bb7746a3310a77: :arrow_up: Bump codecov/codecov-action from 3.1.3 to 3.1.4 (@​dependabot[bot])
• e4305e8e4dd7c200089635c0cd0a01d9f396ad2c: :arrow_up: Bump github.com/docker/distribution (@​dependabot[bot])
• 37037a07a9316d7d379b3c7574f50e1f43d088b8: :arrow_up: Bump github.com/docker/docker (@​dependabot[bot])
• 2efd2ab38155cb9e67d0cdb5c4abf1e3ac429b25: :arrow_up: Bump github.com/docker/docker (@​dependabot[bot])
• ad774173fab4dc2a557c0dd67e8de11d992b6f88: :arrow_up: Bump github.com/google/go-containerregistry (@​dependabot[bot])
• 333da6adcbe034c915b47268a4ddf700146278f7: :arrow_up: Bump github.com/google/go-containerregistry (@​dependabot[bot])
• e7ae6b39fd234ce907ce62a458c7dab8ada59983: :arrow_up: Bump github.com/google/go-containerregistry (@​dependabot[bot])
• 1606b5682605ae6249914acd62bc75de95d29443: :arrow_up: Bump github.com/google/go-containerregistry (@​dependabot[bot])
• 9c4d5ab702d6e9f5a9e8a8bf90a85716645b6932: :arrow_up: Bump github.com/google/go-containerregistry (@​dependabot[bot])
• 3df408f9362f813e33c9a74f13d22b452e3e7107: :arrow_up: Bump github.com/google/go-containerregistry (@​dependabot[bot])

... (truncated)

Commits

• 6b2fd19 Fix test
• a701ced Confirm prompt cosign
• 778859e Fix release workflow permissions
• 74d71ed Refactor some duplication in tests
• 0b6993f Replace deprecated set-output
• 73124e5 Fix multiple docker signs
• 987024a Update ListReleases test
• 45e55a0 Fix documentation linting issue
• c209f4e Bump go to 1.21
• 3de2051 Improve workflow security by not writing the private key to a file
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)