chore(deps): bump the dependencies group with 3 updates

Bumps the dependencies group with 3 updates: [anchore/sbom-action](https://github.com/anchore/sbom-action), [docker/login-action](https://github.com/docker/login-action) and [slsa-framework/slsa-verifier](https://github.com/slsa-framework/slsa-verifier). Updates `anchore/sbom-action` from 0.16.1 to 0.17.0 - [Release notes](https://github.com/anchore/sbom-action/releases) - [Commits](anchore/sbom-action@95b086a...d94f46e) Updates `docker/login-action` from 3.2.0 to 3.3.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@0d4c9c5...9780b0c) Updates `slsa-framework/slsa-verifier` from 2.5.1 to 2.6.0 - [Release notes](https://github.com/slsa-framework/slsa-verifier/releases) - [Changelog](https://github.com/slsa-framework/slsa-verifier/blob/main/RELEASE.md) - [Commits](slsa-framework/slsa-verifier@eb70070...3714a2a) --- updated-dependencies: - dependency-name: anchore/sbom-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: docker/login-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: slsa-framework/slsa-verifier dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies ... Signed-off-by: dependabot[bot] <support@github.com>
openfga · Jul 22, 2024 · 699ecc3 · 699ecc3
1 parent 0c425bc
commit 699ecc3
Showing 1 changed file with 5 additions and 5 deletions.
diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
@@ -111,7 +111,7 @@ jobs:
         check-latest: true
         go-version: ${{ env.GO_VERSION }}
 
-    - uses: anchore/sbom-action/download-syft@95b086ac308035dc0850b3853be5b7ab108236a8 # v0.16.1
+    - uses: anchore/sbom-action/download-syft@d94f46e13c6c62f59525ac9a1e147a99dc0b9bf5 # v0.17.0
 
     - name: Run GoReleaser
       uses: goreleaser/goreleaser-action@286f3b13b1b49da4ac219696163fb8c1c93e1200 # v6.0.0
@@ -151,13 +151,13 @@ jobs:
           go-version: ${{ env.GO_VERSION }}
 
       - name: Login to Docker Hub
-        uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
       - uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0
-      - uses: anchore/sbom-action/download-syft@95b086ac308035dc0850b3853be5b7ab108236a8 # v0.16.1
+      - uses: anchore/sbom-action/download-syft@d94f46e13c6c62f59525ac9a1e147a99dc0b9bf5 # v0.17.0
 
       - name: Run GoReleaser
         id: goreleaser
@@ -238,7 +238,7 @@ jobs:
     permissions: read-all
     steps:
       - name: Install the verifier
-        uses: slsa-framework/slsa-verifier/actions/installer@eb7007070baa04976cb9e25a0d8034f8db030a86 # pin@v2.5.1
+        uses: slsa-framework/slsa-verifier/actions/installer@3714a2a4684014deb874a0e737dffa0ee02dd647 # pin@v2.6.0
 
       - name: Download assets
         env:
@@ -265,7 +265,7 @@ jobs:
     permissions: read-all
     steps:
       - name: Login to Docker Hub
-        uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}