Bump the ci-dependencies group with 7 updates

[dependabot]

Bumps the ci-dependencies group with 7 updates:

Package	From	To
sigstore/cosign-installer	3.7.0	3.8.1
docker/setup-buildx-action	3.8.0	3.10.0
docker/metadata-action	5.6.1	5.7.0
docker/build-push-action	6.13.0	6.15.0
actions/upload-artifact	4.6.0	4.6.1
actions/download-artifact	4.1.8	4.1.9
getsentry/action-release	1.9.0	2.0.0

Updates sigstore/cosign-installer from 3.7.0 to 3.8.1

Release notes

Sourced from sigstore/cosign-installer's releases.

v3.8.1

What's Changed

• use cosign 2.4.3 and other updates by @​cpanato in sigstore/cosign-installer#182

Full Changelog: sigstore/cosign-installer@v3...v3.8.1

v3.8.0

What's Changed

• test action against all non-rc releases, verify entry in rekor log by @​bobcallaway in sigstore/cosign-installer#179
• bump for cosign v2.4.2 release by @​bobcallaway in sigstore/cosign-installer#181

Full Changelog: sigstore/cosign-installer@v3...v3.8.0

Commits

• d7d6bc7 use cosign 2.4.3 and other updates (#182)
• c56c2d3 Bump actions/setup-go from 5.2.0 to 5.3.0 (#180)
• 02e36b8 bump for cosign v2.4.2 release (#181)
• 789d288 test action against all non-rc releases, verify entry in rekor log (#179)
• e11c089 Bump actions/setup-go from 5.1.0 to 5.2.0 (#178)
• 718228a Bump actions/setup-go from 5.0.2 to 5.1.0 (#176)
• 325063e Bump actions/checkout from 4.2.1 to 4.2.2 (#177)
• b929758 Bump actions/checkout from 4.2.0 to 4.2.1 (#175)
• See full diff in compare view

Updates docker/setup-buildx-action from 3.8.0 to 3.10.0

Release notes

Sourced from docker/setup-buildx-action's releases.

v3.10.0

• Bump @​docker/actions-toolkit from 0.54.0 to 0.56.0 in docker/setup-buildx-action#408

Full Changelog: docker/setup-buildx-action@v3.9.0...v3.10.0

v3.9.0

• Bump @​docker/actions-toolkit from 0.48.0 to 0.54.0 in docker/setup-buildx-action#402 docker/setup-buildx-action#404

Full Changelog: docker/setup-buildx-action@v3.8.0...v3.9.0

Commits

• b5ca514 Merge pull request #408 from docker/dependabot/npm_and_yarn/docker/actions-to...
• 1418a4e chore: update generated content
• 93acf83 build(deps): bump @​docker/actions-toolkit from 0.54.0 to 0.56.0
• f7ce87c Merge pull request #404 from docker/dependabot/npm_and_yarn/docker/actions-to...
• aa1e2a0 chore: update generated content
• 673e008 build(deps): bump @​docker/actions-toolkit from 0.53.0 to 0.54.0
• ba31df4 Merge pull request #402 from docker/dependabot/npm_and_yarn/docker/actions-to...
• 5475af1 chore: update generated content
• acacad9 build(deps): bump @​docker/actions-toolkit from 0.48.0 to 0.53.0
• 6a25f98 Merge pull request #396 from crazy-max/bake-v6
• Additional commits viewable in compare view

Updates docker/metadata-action from 5.6.1 to 5.7.0

Release notes

Sourced from docker/metadata-action's releases.

v5.7.0

• Global expressions support for labels and annotations by @​crazy-max in docker/metadata-action#489
• Support disabling outputs as environment variables by @​omus in docker/metadata-action#497
• Bump @​docker/actions-toolkit from 0.44.0 to 0.56.0 in docker/metadata-action#507 docker/metadata-action#509
• Bump csv-parse from 5.5.6 to 5.6.0 in docker/metadata-action#482
• Bump moment-timezone from 0.5.46 to 0.5.47 in docker/metadata-action#501
• Bump semver from 7.6.3 to 7.7.1 in docker/metadata-action#504

Full Changelog: docker/metadata-action@v5.6.1...v5.7.0

Commits

• 902fa8e Merge pull request #504 from docker/dependabot/npm_and_yarn/semver-7.7.1
• c30b9c2 chore: update generated content
• 0698804 chore(deps): Bump semver from 7.6.3 to 7.7.1
• bb3eeca Merge pull request #501 from docker/dependabot/npm_and_yarn/moment-timezone-0...
• 94a839c chore: update generated content
• ecd51a0 Merge pull request #509 from docker/dependabot/npm_and_yarn/docker/actions-to...
• a85b1db chore(deps): Bump @​docker/actions-toolkit from 0.55.0 to 0.56.0
• 5a76a0e chore(deps): Bump moment-timezone from 0.5.46 to 0.5.47
• 1cc4a98 Merge pull request #482 from docker/dependabot/npm_and_yarn/csv-parse-5.6.0
• d84de1e chore: update generated content
• Additional commits viewable in compare view

Updates docker/build-push-action from 6.13.0 to 6.15.0

Release notes

Sourced from docker/build-push-action's releases.

v6.15.0

• Bump @​docker/actions-toolkit from 0.55.0 to 0.56.0 in docker/build-push-action#1330

Full Changelog: docker/build-push-action@v6.14.0...v6.15.0

v6.14.0

• Bump @​docker/actions-toolkit from 0.53.0 to 0.55.0 in docker/build-push-action#1324

Full Changelog: docker/build-push-action@v6.13.0...v6.14.0

Commits

• 471d1dc Merge pull request #1330 from docker/dependabot/npm_and_yarn/docker/actions-t...
• b89ff0a chore: update generated content
• 1e3ae3a chore(deps): Bump @​docker/actions-toolkit from 0.55.0 to 0.56.0
• b16f42f Merge pull request #1325 from crazy-max/buildx-edge
• dc0fea5 ci: update buildx to edge and buildkit to latest
• 0adf995 Merge pull request #1324 from docker/dependabot/npm_and_yarn/docker/actions-t...
• d88cd28 chore: update generated content
• 3d09a6b chore(deps): Bump @​docker/actions-toolkit from 0.53.0 to 0.55.0
• See full diff in compare view

Updates actions/upload-artifact from 4.6.0 to 4.6.1

Release notes

Sourced from actions/upload-artifact's releases.

v4.6.1

What's Changed

• Update to use artifact 2.2.2 package by @​yacaovsnc in actions/upload-artifact#673

Full Changelog: actions/upload-artifact@v4...v4.6.1

Commits

• 4cec3d8 Merge pull request #673 from actions/yacaovsnc/artifact_2.2.2
• e9fad96 license cache update for artifact
• b26fd06 Update to use artifact 2.2.2 package
• See full diff in compare view

Updates actions/download-artifact from 4.1.8 to 4.1.9

Release notes

Sourced from actions/download-artifact's releases.

v4.1.9

What's Changed

• Add workflow file for publishing releases to immutable action package by @​Jcambass in actions/download-artifact#354
• docs: small migration fix by @​froblesmartin in actions/download-artifact#370
• Update MIGRATION.md by @​andyfeller in actions/download-artifact#372
• Update artifact package to 2.2.2 by @​yacaovsnc in actions/download-artifact#380

New Contributors

• @​Jcambass made their first contribution in actions/download-artifact#354
• @​froblesmartin made their first contribution in actions/download-artifact#370
• @​andyfeller made their first contribution in actions/download-artifact#372
• @​yacaovsnc made their first contribution in actions/download-artifact#380

Full Changelog: actions/download-artifact@v4...v4.1.9

Commits

• cc20338 Merge pull request #380 from actions/yacaovsnc/release_4_1_9
• 1fc0fee Update artifact package to 2.2.2
• 7fba951 Merge pull request #372 from andyfeller/patch-1
• f9ceb77 Update MIGRATION.md
• 533298b Merge pull request #370 from froblesmartin/patch-1
• d06289e docs: small migration fix
• d0ce8fd Merge pull request #354 from actions/Jcambass-patch-1
• 1ce0d91 Add workflow file for publishing releases to immutable action package
• See full diff in compare view

Updates getsentry/action-release from 1.9.0 to 2.0.0

Release notes

Sourced from getsentry/action-release's releases.

2.0.0

[!NOTE]
This release contains no changes over v1.10.4 and is just meant to unblock users that have upgraded to v2 before.

We recommend pinning to v1.

Last week we pushed a v2 branch that triggered dependabot which treated it as a release. This was not meant to be a release, but many users have upgraded to v2.

This release will help unblock users that have upgraded to v2.

Please see: #258

1.11.0

• feat: Use hybrid docker/composite action approach (#265) by @​andreiborza

After receiving user feedback both on runtime and compatibility issues for 1.10.0 the action has been reworked to use a Docker based approach on Linux runners, mimicking < 1.9.0 versions, while Mac OS and Windows runners will follow the 1.10.0 approach of installing @sentry/cli in the run step.

1.10.5

Various fixes & improvements

• fix: Mark GITHUB_WORKSPACE a safe git directory (#260) by @​andreiborza

1.10.4

Various fixes & improvements

• fix(action): Use action/setup-node instead of unofficial volta action (#256) by @​andreiborza

1.10.3

Various fixes & improvements

• fix(ci): Use volta to ensure node and npm are available (#255) by @​andreiborza

1.10.2

• fix(action): Ensure working directory always starts out at repo root (#250)
• fix(action): Use npm instead of yarn to install sentry-cli (#251)

1.10.1

This release contains changes concerning maintainers of the repo and has no user-facing changes.

v1.10.0

• feat(action): Support macos and windows runners
  We now publish a composite action that runs on all runners. Actions can now be properly versioned, allowing pinning versions from here on out.

Changelog

Sourced from getsentry/action-release's changelog.

Changelog

1.11.0

• feat: Use hybrid docker/composite action approach (#265) by @​andreiborza

After receiving user feedback both on runtime and compatibility issues for 1.10.0 the action has been reworked to use a Docker based approach on Linux runners, mimicking < 1.9.0 versions, while Mac OS and Windows runners will follow the 1.10.0 approach of installing @sentry/cli in the run step.

1.10.5

Various fixes & improvements

• fix: Mark GITHUB_WORKSPACE a safe git directory (#260) by @​andreiborza

2.0.0

[!NOTE] This release contains no changes over v1.10.4 and is just meant to unblock users that have upgraded to v2 before.

We recommend pinning to v1.

Last week we pushed a v2 branch that triggered dependabot which treated it as a release. This was not meant to be a release, but many users have upgraded to v2.

This release will help unblock users that have upgraded to v2.

Please see: #209

1.10.4

Various fixes & improvements

• fix(action): Use action/setup-node instead of unofficial volta action (#256) by @​andreiborza

1.10.3

Various fixes & improvements

• fix(ci): Use volta to ensure node and npm are available (#255) by @​andreiborza

1.10.2

• fix(action): Ensure working directory always starts out at repo root (#250)
• fix(action): Use npm instead of yarn to install sentry-cli (#251)

1.10.1

... (truncated)

Commits

• e3542de release: 2.0.0
• 229bb2e meta(changelog): Add changelog for version 2.0.0 (#257)
• ee0aed6 Merge branch 'release/1.10.4'
• b5b5a8c release: 1.10.4
• 7e7cd36 fix(action): Use action/setup-node instead of unofficial volta action (#256)
• aeb68da Merge branch 'release/1.10.3'
• 12bba0b release: 1.10.3
• f921822 fix(ci): Use volta to ensure node and npm are available (#255)
• 3868f97 Merge branch 'release/1.10.2'
• 50f4a1a release: 1.10.2
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions