Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps conformance/nightly/cosign/cosign from
cb60017
to32f6f1a
.Commits
32f6f1a
chore(deps): bump mikefarah/yq from 4.28.1 to 4.28.2 (#2360)b214747
chore(deps): bump ossf/scorecard-action from 2.0.4 to 2.0.6 (#2361)2498ffd
chore(deps): bump sigstore/cosign-installer from 2.8.0 to 2.8.1 (#2359)f977db4
switch to reusable workflow for license/vuln scan (#2357)7873a93
chore(deps): bump google.golang.org/api from 0.99.0 to 0.100.0 (#2358)30bf1c0
fix: cosign flags been ignored (#2353)d7503d6
chore(deps): bump actions/setup-go from 3.3.0 to 3.3.1 (#2351)af618ac
chore(deps): bump github/codeql-action from 2.1.27 to 2.1.28 (#2352)7e78786
chore(deps): bump github.com/sigstore/fulcio from 0.6.0 to 1.0.0 (#2350)29766c1
Bind flags as prefixed env variables (#2346)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)