chore(deps): bump the actions group across 1 directory with 2 updates

[dependabot]

Bumps the actions group with 2 updates in the / directory: sigstore/cosign-installer and anchore/sbom-action.

Updates sigstore/cosign-installer from 3.5.0 to 3.6.0

Release notes

Sourced from sigstore/cosign-installer's releases.

v3.6.0

What's Changed

• Bump actions/checkout from 4.1.2 to 4.1.3 by @​dependabot in sigstore/cosign-installer#161
• Bump actions/checkout from 4.1.3 to 4.1.4 by @​dependabot in sigstore/cosign-installer#162
• Bump actions/setup-go from 5.0.0 to 5.0.1 by @​dependabot in sigstore/cosign-installer#163
• Bump actions/checkout from 4.1.4 to 4.1.5 by @​dependabot in sigstore/cosign-installer#164
• Bump actions/checkout from 4.1.5 to 4.1.6 by @​dependabot in sigstore/cosign-installer#165
• Bump actions/checkout from 4.1.6 to 4.1.7 by @​dependabot in sigstore/cosign-installer#166
• Bump actions/setup-go from 5.0.1 to 5.0.2 by @​dependabot in sigstore/cosign-installer#167
• pin public key used for verification by @​bobcallaway in sigstore/cosign-installer#169
• bump default version to v2.4.0 release by @​bobcallaway in sigstore/cosign-installer#168
• update readme for new release by @​bobcallaway in sigstore/cosign-installer#170

Full Changelog: sigstore/cosign-installer@v3...v3.6.0

Commits

• 4959ce0 update readme for new release (#170)
• 45ffe83 bump default version to v2.4.0 release (#168)
• 7e1d9c1 pin public key used for verification (#169)
• cc23fe1 Bump actions/setup-go from 5.0.1 to 5.0.2 (#167)
• b235ed9 Bump actions/checkout from 4.1.6 to 4.1.7 (#166)
• b49ef6b Bump actions/checkout from 4.1.5 to 4.1.6 (#165)
• 7a59e5a Bump actions/checkout from 4.1.4 to 4.1.5 (#164)
• 8d927bd Bump actions/setup-go from 5.0.0 to 5.0.1 (#163)
• 8c9caa0 Bump actions/checkout from 4.1.3 to 4.1.4 (#162)
• 19351d0 Bump actions/checkout from 4.1.2 to 4.1.3 (#161)
• See full diff in compare view

Updates anchore/sbom-action from 0.17.0 to 0.17.2

Release notes

Sourced from anchore/sbom-action's releases.

v0.17.2

Changes in v0.17.2

• Update Syft to v1.11.1 (#485) [anchore-actions-token-generator]

v0.17.1

Changes in v0.17.1

• chore(deps): update Syft to v1.11.0 (#483) [anchore-actions-token-generator]

Commits

• 61119d4 chore(deps): update Syft to v1.11.1 (#485)
• ab9d16d chore(deps): update Syft to v1.11.0 (#483)
• fe5e7c3 doc: Updates for the Slack to Discourse migration (#484)
• f2d02cb chore: Create issue template (#481)
• ca15f99 docs: CODE_OF_CONDUCT.md (#480)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

The following labels could not be found: github_actions.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 60.84%. Comparing base (aa4bc99) to head (5325d3b).
Report is 5 commits behind head on master.

Additional details and impacted files

@@           Coverage Diff           @@
##           master    #2721   +/-   ##
=======================================
  Coverage   60.83%   60.84%           
=======================================
  Files         563      563           
  Lines       75169    75169           
=======================================
+ Hits        45730    45733    +3     
+ Misses      26072    26071    -1     
+ Partials     3367     3365    -2     

Flag	Coverage Δ
contribs/gnodev	61.46% <ø> (+0.81%)	⬆️
contribs/gnofaucet	15.31% <ø> (+0.85%)	⬆️
gno.land	67.21% <ø> (ø)
gnovm	65.59% <ø> (ø)
misc/genstd	80.54% <ø> (ø)
misc/logos	19.88% <ø> (-0.36%)	⬇️
tm2	62.03% <ø> (-0.04%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.