From d8651436c2baf8521881d990e8269a907d33de89 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 9 Feb 2026 23:57:13 +0000
Subject: [PATCH] chore(deps): bump the actions group across 1 directory with 8
 updates

Bumps the actions group with 8 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [docker/login-action](https://github.com/docker/login-action) | `3.4.0` | `3.7.0` |
| [sigstore/sigstore-conformance](https://github.com/sigstore/sigstore-conformance) | `0.0.18` | `0.0.25` |
| [chainguard-dev/actions](https://github.com/chainguard-dev/actions) | `1.4.7` | `1.5.16` |
| [cpanato/vault-installer](https://github.com/cpanato/vault-installer) | `1.2.0` | `1.4.0` |
| [imjasonh/setup-crane](https://github.com/imjasonh/setup-crane) | `0.4` | `0.5` |
| [mikefarah/yq](https://github.com/mikefarah/yq) | `4.47.1` | `4.52.2` |
| [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | `2.4.2` | `2.4.3` |
| [codecov/codecov-action](https://github.com/codecov/codecov-action) | `5.4.3` | `5.5.2` |



Updates `docker/login-action` from 3.4.0 to 3.7.0
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/74a5d142397b4f367a81961eba4e8cd7edddf772...c94ce9fb468520275223c153574b00df6fe4bcc9)

Updates `sigstore/sigstore-conformance` from 0.0.18 to 0.0.25
- [Release notes](https://github.com/sigstore/sigstore-conformance/releases)
- [Commits](https://github.com/sigstore/sigstore-conformance/compare/fd90e6b0f3046f2276a6659481de6df495dea3b9...eae6eb1f59e25c6d3d602c5dad3dc55767c2f1cb)

Updates `chainguard-dev/actions` from 1.4.7 to 1.5.16
- [Release notes](https://github.com/chainguard-dev/actions/releases)
- [Commits](https://github.com/chainguard-dev/actions/compare/708219d4822f33611ac1a2653815cc10e1ab54a6...eba358c567c5b091e34187d905258baebdd2a4ec)

Updates `cpanato/vault-installer` from 1.2.0 to 1.4.0
- [Release notes](https://github.com/cpanato/vault-installer/releases)
- [Commits](https://github.com/cpanato/vault-installer/compare/e7c1d664fa15219e89e43739e39a9df11ba00849...fe568170412f5d81202ec528148f05176efbecc1)

Updates `imjasonh/setup-crane` from 0.4 to 0.5
- [Release notes](https://github.com/imjasonh/setup-crane/releases)
- [Commits](https://github.com/imjasonh/setup-crane/compare/31b88efe9de28ae0ffa220711af4b60be9435f6e...6da1ae018866400525525ce74ff892880c099987)

Updates `mikefarah/yq` from 4.47.1 to 4.52.2
- [Release notes](https://github.com/mikefarah/yq/releases)
- [Changelog](https://github.com/mikefarah/yq/blob/master/release_notes.txt)
- [Commits](https://github.com/mikefarah/yq/compare/f03c9dc599c37bfcaf533427211d05e51e6fee64...2be0094729a1006f61e8339ce9934bfb3cbb549f)

Updates `ossf/scorecard-action` from 2.4.2 to 2.4.3
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](https://github.com/ossf/scorecard-action/compare/05b42c624433fc40578a4040d5cf5e36ddca8cde...4eaacf0543bb3f2c246792bd56e8cdeffafb205a)

Updates `codecov/codecov-action` from 5.4.3 to 5.5.2
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/18283e04ce6e62d37312384ff67231eb8fd56d24...671740ac38dd9b0130fbe1cec585b89eea48d3de)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-version: 3.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: sigstore/sigstore-conformance
  dependency-version: 0.0.25
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
- dependency-name: chainguard-dev/actions
  dependency-version: 1.5.16
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: cpanato/vault-installer
  dependency-version: 1.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: imjasonh/setup-crane
  dependency-version: '0.5'
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: mikefarah/yq
  dependency-version: 4.52.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: ossf/scorecard-action
  dependency-version: 2.4.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
- dependency-name: codecov/codecov-action
  dependency-version: 5.5.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/build.yaml                   | 2 +-
 .github/workflows/conformance.yml              | 2 +-
 .github/workflows/donotsubmit.yaml             | 2 +-
 .github/workflows/e2e-tests.yml                | 6 +++---
 .github/workflows/kind-verify-attestation.yaml | 4 ++--
 .github/workflows/scorecard-action.yml         | 2 +-
 .github/workflows/tests.yaml                   | 4 ++--
 .github/workflows/whitespace.yaml              | 4 ++--
 8 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index 71b9de6c8c7..42fdf483744 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -68,7 +68,7 @@ jobs:
         run: gcloud auth configure-docker --quiet
 
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
+        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
diff --git a/.github/workflows/conformance.yml b/.github/workflows/conformance.yml
index d64220099de..04bdf16dba0 100644
--- a/.github/workflows/conformance.yml
+++ b/.github/workflows/conformance.yml
@@ -39,6 +39,6 @@ jobs:
 
       - run: make cosign conformance
 
-      - uses: sigstore/sigstore-conformance@fd90e6b0f3046f2276a6659481de6df495dea3b9 # v0.0.18
+      - uses: sigstore/sigstore-conformance@eae6eb1f59e25c6d3d602c5dad3dc55767c2f1cb # v0.0.25
         with:
           entrypoint: ${{ github.workspace }}/conformance
diff --git a/.github/workflows/donotsubmit.yaml b/.github/workflows/donotsubmit.yaml
index 43cdb3a4975..de077494f16 100644
--- a/.github/workflows/donotsubmit.yaml
+++ b/.github/workflows/donotsubmit.yaml
@@ -40,4 +40,4 @@ jobs:
           persist-credentials: false
 
       - name: Do Not Submit
-        uses: chainguard-dev/actions/donotsubmit@708219d4822f33611ac1a2653815cc10e1ab54a6 # v1.4.7
+        uses: chainguard-dev/actions/donotsubmit@eba358c567c5b091e34187d905258baebdd2a4ec # v1.5.16
diff --git a/.github/workflows/e2e-tests.yml b/.github/workflows/e2e-tests.yml
index b8ceccc4247..c78ac99a3ce 100644
--- a/.github/workflows/e2e-tests.yml
+++ b/.github/workflows/e2e-tests.yml
@@ -94,14 +94,14 @@ jobs:
           persist-credentials: false
 
       - name: setup vault
-        uses: cpanato/vault-installer@e7c1d664fa15219e89e43739e39a9df11ba00849 # v1.2.0
+        uses: cpanato/vault-installer@fe568170412f5d81202ec528148f05176efbecc1 # v1.4.0
 
       - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
         with:
           go-version-file: 'go.mod'
           check-latest: true
 
-      - uses: imjasonh/setup-crane@31b88efe9de28ae0ffa220711af4b60be9435f6e # v0.4
+      - uses: imjasonh/setup-crane@6da1ae018866400525525ce74ff892880c099987 # v0.5
 
       - name: Install cluster + sigstore
         uses: sigstore/scaffolding/actions/setup@main
@@ -220,4 +220,4 @@ jobs:
 
     - name: Collect diagnostics
       if: ${{ failure() }}
-      uses: chainguard-dev/actions/kind-diag@708219d4822f33611ac1a2653815cc10e1ab54a6 # v1.4.7
+      uses: chainguard-dev/actions/kind-diag@eba358c567c5b091e34187d905258baebdd2a4ec # v1.5.16
diff --git a/.github/workflows/kind-verify-attestation.yaml b/.github/workflows/kind-verify-attestation.yaml
index cddb4c31444..9ff84dbd271 100644
--- a/.github/workflows/kind-verify-attestation.yaml
+++ b/.github/workflows/kind-verify-attestation.yaml
@@ -65,7 +65,7 @@ jobs:
     - uses: ko-build/setup-ko@d006021bd0c28d1ce33a07e7943d48b079944c8d # v0.9
 
     - name: Install yq
-      uses: mikefarah/yq@f03c9dc599c37bfcaf533427211d05e51e6fee64 # v4.47.1
+      uses: mikefarah/yq@2be0094729a1006f61e8339ce9934bfb3cbb549f # v4.52.2
 
     - name: build cosign
       run: |
@@ -156,7 +156,7 @@ jobs:
 
     - name: Collect diagnostics
       if: ${{ failure() }}
-      uses: chainguard-dev/actions/kind-diag@708219d4822f33611ac1a2653815cc10e1ab54a6 # v1.4.7
+      uses: chainguard-dev/actions/kind-diag@eba358c567c5b091e34187d905258baebdd2a4ec # v1.5.16
 
     - name: Create vuln attestation for it
       run: |
diff --git a/.github/workflows/scorecard-action.yml b/.github/workflows/scorecard-action.yml
index 3083085cf82..4466239bc00 100644
--- a/.github/workflows/scorecard-action.yml
+++ b/.github/workflows/scorecard-action.yml
@@ -45,7 +45,7 @@ jobs:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde # v2.4.2
+        uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3
         with:
           results_file: results.sarif
           results_format: sarif
diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml
index d87b0bfd58b..edcc38d7e7a 100644
--- a/.github/workflows/tests.yaml
+++ b/.github/workflows/tests.yaml
@@ -67,7 +67,7 @@ jobs:
       - name: Run Go tests
         run: go test -covermode atomic -coverprofile coverage.txt $(go list ./... | grep -v third_party/)
       - name: Upload Coverage Report
-        uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
+        uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
         with:
           env_vars: OS
       - name: Run Go tests w/ `-race`
@@ -169,7 +169,7 @@ jobs:
 
       - name: Collect diagnostics
         if: ${{ failure() }}
-        uses: chainguard-dev/actions/kind-diag@708219d4822f33611ac1a2653815cc10e1ab54a6 # v1.4.7
+        uses: chainguard-dev/actions/kind-diag@eba358c567c5b091e34187d905258baebdd2a4ec # v1.5.16
 
   e2e-windows-powershell-tests:
     name: Run PowerShell E2E tests
diff --git a/.github/workflows/whitespace.yaml b/.github/workflows/whitespace.yaml
index 525a9d3b776..a51b5473dac 100644
--- a/.github/workflows/whitespace.yaml
+++ b/.github/workflows/whitespace.yaml
@@ -38,8 +38,8 @@ jobs:
         with:
           persist-credentials: false
 
-      - uses: chainguard-dev/actions/trailing-space@708219d4822f33611ac1a2653815cc10e1ab54a6 # v1.4.7
+      - uses: chainguard-dev/actions/trailing-space@eba358c567c5b091e34187d905258baebdd2a4ec # v1.5.16
         if: ${{ always() }}
 
-      - uses: chainguard-dev/actions/eof-newline@708219d4822f33611ac1a2653815cc10e1ab54a6 # v1.4.7
+      - uses: chainguard-dev/actions/eof-newline@eba358c567c5b091e34187d905258baebdd2a4ec # v1.5.16
         if: ${{ always() }}