chore(deps): bump sigstore/cosign-installer from 3.9.0 to 4.0.0

[dependabot]

Bumps sigstore/cosign-installer from 3.9.0 to 4.0.0.

Release notes

Sourced from sigstore/cosign-installer's releases.

v4.0.0

What's Changed?

Note: You must upgrade to cosign-installer v4 if you want to install Cosign v3+. You may still install Cosign v2.x with cosign-installer v4.

• Add support for Cosign v3 releases (#201)

v3.10.1

What's Changed?

Note: cosign-installer v3.x cannot be used to install Cosign v3.x. You must upgrade to cosign-installer v4 in order to use Cosign v3.

Note: This is planned to be the final release of Cosign v2, though we will cut new releases for any critical security or bug fixes. We recommend transitioning to Cosign v3.

• Bump default Cosign to v2.6.1 (#203)

v3.10.0

What's Changed

• Bump default Cosign to v2.6.0 in sigstore/cosign-installer#200

Full Changelog: sigstore/cosign-installer@v3.9.2...v3.10.0

v3.9.2

What's Changed

• not fail fast and setup permissions in sigstore/cosign-installer#195
• drop old unsupported versions <v2.0.0 in sigstore/cosign-installer#192
• Update default to v2.5.3 in sigstore/cosign-installer#196

Full Changelog: sigstore/cosign-installer@v3.9.1...v3.9.2

v3.9.1

What's Changed

• default action install to use release v2.5.1 by @​cpanato in sigstore/cosign-installer#193
• default cosign to v2.5.2 by @​cpanato in sigstore/cosign-installer#194

Full Changelog: sigstore/cosign-installer@v3.9.0...v3.9.1

Commits

• faadad0 add support for cosign v3 releases (#201)
• d7543c9 Bump default Cosign to v2.6.0 (#200)
• 920f20f Bump actions/setup-go from 5.5.0 to 6.0.0 (#199)
• bb9dfc1 Bump actions/github-script from 7.0.1 to 8.0.0 (#198)
• 074636b Bump actions/checkout from 4.2.2 to 5.0.0 (#197)
• d58896d Update default to v2.5.3 (#196)
• e40248c drop old unsupported versions <v2.0.0 (#192)
• d9374b9 not fail fast and setup permissions (#195)
• 398d4b0 default cosign to v2.5.2 (#194)
• 84f54a2 default action install to use release v2.5.1 (#193)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.