chore(deps): bump slsa-framework/slsa-github-generator from 1.5.0 to 1.6.0

[dependabot]

Bumps slsa-framework/slsa-github-generator from 1.5.0 to 1.6.0.

Release notes

Sourced from slsa-framework/slsa-github-generator's releases.

v1.6.0

See the CHANGELOG for details.

v1.6.0-rc.3

See the CHANGELOG for details.

v1.6.0-rc.2

See the CHANGELOG for details.

v1.6.0-rc.1

This is an un-finalized pre-release.

See the CHANGELOG for details.

v1.6.0-rc.0

See the CHANGELOG for details.

Changelog

Sourced from slsa-framework/slsa-github-generator's changelog.

v1.6.0

This release includes the first beta release of the Node.js builder. The Node.js builder provides a GitHub Actions reusable workflow that can be called to build a Node.js package, generate SLSA Build L3 compliant provenance, and publish it to the npm registry along with the package.

Summary of changes

Go builder

New Features

• A new prerelease input was added to allow users to create releases marked as prerelease when upload-assets is set to true.
• A new input draft-release was added to allow users to create releases marked as draft when upload-assets is set to true.
• A new output go-provenance-name added which can be used to retrieve the name of the provenance file generated by the builder.

Generic generator

New Features

• A new input draft-release was added to allow users to create releases marked as draft when upload-assets is set to true.

Container generator

The Container Generator was updated to use cosign v2.0.0. No changes to the workflow's inputs or outputs were made.

Commits

• 0779f7b chore: Release v1.6.0 (#2118)
• 8ff4f7f chore: Release v1.6.0-rc.3 (#2095)
• 670c38d fix(deps): update module github.com/sigstore/sigstore to v1.6.4 (#1689)
• c04243f fix(deps): update module github.com/in-toto/in-toto-golang to v0.9.0 (#1941)
• a574da8 fix(deps): update npm (#2105)
• af09839 feat: Break out npm publish into separate action (#2108)
• 4c58bbb chore(deps): update npm dev (#2102)
• cd7ad67 fix(deps): update module github.com/sigstore/rekor to v1.1.1 [security] (#2100)
• 652a21b chore(deps): update github/codeql-action action to v2.3.3 (#2101)
• 038b5b3 chore: update sigstore and slsa v1 deps (#2099)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[crenshaw-dev]

/cherry-pick release-2.7

[codecov]

Codecov Report

Patch coverage: 80.59% and project coverage change: +0.07 🎉

Comparison is base (5662367) 48.98% compared to head (841ce5f) 49.05%.

Additional details and impacted files

@@            Coverage Diff             @@
##           master   #13656      +/-   ##
==========================================
+ Coverage   48.98%   49.05%   +0.07%     
==========================================
  Files         249      249              
  Lines       43066    43122      +56     
==========================================
+ Hits        21094    21155      +61     
+ Misses      19864    19855       -9     
- Partials     2108     2112       +4     

Impacted Files	Coverage Δ
util/git/client.go	50.00% <37.50%> (ø)
server/cluster/cluster.go	50.13% <85.71%> (+10.20%)	⬆️
pkg/apis/application/v1alpha1/types.go	59.68% <100.00%> (+0.09%)	⬆️

☔ View full report in Codecov by Sentry.
📢 Do you have feedback about the report comment? Let us know in this issue.

[gcp-cherry-pick-bot]

Cherry-pick failed with Merge error 6bd178debc37e6d3302bec9189c7878b537d03bf into temp-cherry-pick-c6e04f-release-2.7