diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 5debb5c2..94756cec 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -74,7 +74,7 @@ jobs: # cosign + syft need to be on PATH before goreleaser runs — goreleaser # shells out to both for the signs/docker_signs/sboms sections. - name: Install cosign - uses: sigstore/cosign-installer@7e8b541eb2e61bf99390e1afd4be13a184e9ebc5 # v3.10.1 + uses: sigstore/cosign-installer@6f9f17788090df1f26f669e9d70d6ae9567deba6 # v4.1.2 - name: Install syft (for SBOM generation) uses: anchore/sbom-action/download-syft@e22c389904149dbc22b58101806040fa8d37a610 # v0.24.0