From 86681582a3f0d7130bd266f015aeead766251639 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 13 May 2026 02:52:37 +0000
Subject: [PATCH] chore(deps): bump the actions group across 1 directory with 2
 updates

Bumps the actions group with 2 updates in the / directory: [chainguard-dev/actions](https://github.com/chainguard-dev/actions) and [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer).


Updates `chainguard-dev/actions` from 1.6.17 to 1.6.19
- [Release notes](https://github.com/chainguard-dev/actions/releases)
- [Commits](https://github.com/chainguard-dev/actions/compare/916fec00fb80f3cd124a0b41eef79ee63f607c5d...c69a264ec2a5934c3186c618f368fc1c86f16cff)

Updates `sigstore/cosign-installer` from 4.1.1 to 4.1.2
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](https://github.com/sigstore/cosign-installer/compare/cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003...6f9f17788090df1f26f669e9d70d6ae9567deba6)

---
updated-dependencies:
- dependency-name: chainguard-dev/actions
  dependency-version: 1.6.19
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
- dependency-name: sigstore/cosign-installer
  dependency-version: 4.1.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/prepare-release.yaml | 2 +-
 .github/workflows/update-ca-cert.yaml  | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/prepare-release.yaml b/.github/workflows/prepare-release.yaml
index 8df7b68..3d4fef1 100644
--- a/.github/workflows/prepare-release.yaml
+++ b/.github/workflows/prepare-release.yaml
@@ -60,7 +60,7 @@ jobs:
           identity: prepare-release
 
       - name: Setup gitsign
-        uses: chainguard-dev/actions/setup-gitsign@916fec00fb80f3cd124a0b41eef79ee63f607c5d # v1.6.17
+        uses: chainguard-dev/actions/setup-gitsign@c69a264ec2a5934c3186c618f368fc1c86f16cff # v1.6.19
 
       - name: Patch XCCDF version
         run: |
diff --git a/.github/workflows/update-ca-cert.yaml b/.github/workflows/update-ca-cert.yaml
index a76b8a7..3689777 100644
--- a/.github/workflows/update-ca-cert.yaml
+++ b/.github/workflows/update-ca-cert.yaml
@@ -45,7 +45,7 @@ jobs:
           scope: ${{ github.repository }}
           identity: ca-cert-updater
       - name: Install cosign
-        uses: sigstore/cosign-installer@cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003 # v4.1.1
+        uses: sigstore/cosign-installer@6f9f17788090df1f26f669e9d70d6ae9567deba6 # v4.1.2
       - name: Setup crane
         uses: imjasonh/setup-crane@6da1ae018866400525525ce74ff892880c099987 # v0.5
       - name: Pull and verify image
@@ -211,7 +211,7 @@ jobs:
           fi
       - name: Setup gitsign
         if: steps.changed.outputs.changed == 'true'
-        uses: chainguard-dev/actions/setup-gitsign@916fec00fb80f3cd124a0b41eef79ee63f607c5d # v1.6.17
+        uses: chainguard-dev/actions/setup-gitsign@c69a264ec2a5934c3186c618f368fc1c86f16cff # v1.6.19
       - name: Create Pull Request
         if: steps.changed.outputs.changed == 'true'
         uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1