Bump slsa-framework/slsa-github-generator from 1.2.2 to 1.4.0

[dependabot]

Bumps slsa-framework/slsa-github-generator from 1.2.2 to 1.4.0.

Release notes

Sourced from slsa-framework/slsa-github-generator's releases.

v1.4.0

What's Changed

🥳 This release is the first Generally Available version of the Container Generator workflow. The Container Generator workflow is now considered stable and can be included in your production GitHub Actions workflows 🥳

🎉 This is also the first release (technically the second) with support for the generally available version of sigstore!! 🎉 We hope to have fewer issues with sigstore infrastructure moving forward.

Generic Generator

Bug fixes

1. Allow users of the Generic Generator to generate provenance for artifacts created in a project subdirectory (#1225)

Go Builder

Bug fixes

1. Allow environment variables to contain '=' characters in the Go builder (#1231)

New Contributors

• @​cfergeau made their first contribution in slsa-framework/slsa-github-generator#1232
• @​DanAlbert made their first contribution in slsa-framework/slsa-github-generator#1239
• @​gal-legit made their first contribution in slsa-framework/slsa-github-generator#1252

Full Changelog

slsa-framework/slsa-github-generator@v1.2.2...v1.4.0

• Update references to main after v1.2.2 release by @​ianlewis in slsa-framework/slsa-github-generator#1228
• [generic] fix attestation file creation when subject names are in subdirectories by @​asraa in slsa-framework/slsa-github-generator#1226
• Update docs to use v1.2.2 by @​ianlewis in slsa-framework/slsa-github-generator#1229
• Update RELEASE docs by @​ianlewis in slsa-framework/slsa-github-generator#1227
• chore(deps): update npm dev to v5.43.0 by @​renovate-bot in slsa-framework/slsa-github-generator#1230
• builder: go: Allow equal signs in env vars by @​cfergeau in slsa-framework/slsa-github-generator#1232
• Ko example by @​ianlewis in slsa-framework/slsa-github-generator#951
• docs(generic-generator): clarify that created provenance is encapsulated by @​diogoteles08 in slsa-framework/slsa-github-generator#1235
• Fix semver regex in actions pre-submit by @​ianlewis in slsa-framework/slsa-github-generator#1233
• Fix typo in doc. by @​DanAlbert in slsa-framework/slsa-github-generator#1239
• Fix reference Gradle workflow. by @​DanAlbert in slsa-framework/slsa-github-generator#1240
• Start code freeze for v1.3.0 by @​ianlewis in slsa-framework/slsa-github-generator#1248
• Undo the v1.3.0 freeze by @​ianlewis in slsa-framework/slsa-github-generator#1260
• Badges and README updates by @​ianlewis in slsa-framework/slsa-github-generator#1263
• Fix docs for goreleaser with the generic generator to include docker di… by @​gal-legit in slsa-framework/slsa-github-generator#1252
• Fix grep by @​ianlewis in slsa-framework/slsa-github-generator#1249
• Exclude go from renovate PR grouping by @​ianlewis in slsa-framework/slsa-github-generator#1268
• chore(deps): update npm dev by @​renovate-bot in slsa-framework/slsa-github-generator#1243
• Fix permissions in doc by @​ianlewis in slsa-framework/slsa-github-generator#1247
• chore(deps): update github-actions by @​renovate-bot in slsa-framework/slsa-github-generator#1242
• Update GHA token permissions for generic container workflow by @​ianlewis in slsa-framework/slsa-github-generator#1258

... (truncated)

Changelog

Sourced from slsa-framework/slsa-github-generator's changelog.

Changelog since v1.4.0

slsa-framework/slsa-github-generator@v1.4.0...main

v1.4.0

What's Changed

This release is the first Generally Available version of the Container Generator workflow. The Container Generator workflow is now considered stable and can be included in your production GitHub Actions workflows

This is also the first release (technically the second) with support for the generally available version of sigstore!! We hope to have fewer issues with sigstore infrastructure moving forward.

Generic Generator

Bug fixes

1. Allow users of the Generic Generator to generate provenance for artifacts created in a project subdirectory (#1225)

Go Builder

Bug fixes

1. Allow environment variables to contain '=' characters in the Go builder (#1231)

New Contributors

• @​cfergeau made their first contribution in slsa-framework/slsa-github-generator#1232
• @​DanAlbert made their first contribution in slsa-framework/slsa-github-generator#1239
• @​gal-legit made their first contribution in slsa-framework/slsa-github-generator#1252

Full Changelog

slsa-framework/slsa-github-generator@v1.2.2...v1.4.0

v1.4.0-rc.2

*_This is a pre-release. It is not meant for general consumption. The following is the proposed release notes for the official release. _

What's Changed

This release is the first Generally Available version of the generic container workflow. The generic container workflow is now considered stable and can be included in your production GitHub Actions workflows

This is also the first release with support for the generally available version of sigstore!

This release also includes a couple of bug fixes:

1. Allow users of the generic generator workflow to generate provenance using for artifacts created in a project subdirectory (#1225)
2. Allow environment variables to contain '=' characters in the Go workflow (#1231)

... (truncated)

Commits

• 68bad40 chore: set references for v1.4.0 release (#1292)
• c40a5cf Update refs to v1.4.0-rc.2 (#1290)
• 962f777 Update generate-builder tag check to support pre-releases (#1287)
• 3ba1c6f Undo freeze for v1.4.0-rc.1 (#1288)
• 02134cf Code freeze for v1.4.0-rc.1 (#1285)
• 18a7d07 Revert package perms (#1283)
• bf4bbb9 undo freeze (#1284)
• 1c90d8b Code freeze v1.4.0 rc.0 (#1271)
• c2b9104 restore compile-builder pre-submit (#1272)
• cfa53e7 Update references check to support pre-release (#1270)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov-commenter]

Codecov Report

Merging #1574 (a22ef66) into main (4a0e0af) will increase coverage by 0.03%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##             main    #1574      +/-   ##
==========================================
+ Coverage   72.92%   72.95%   +0.03%     
==========================================
  Files         118      118              
  Lines        9417     9417              
==========================================
+ Hits         6867     6870       +3     
+ Misses       1857     1855       -2     
+ Partials      693      692       -1     

Impacted Files	Coverage Δ
pkg/v1/remote/write.go	62.84% <0.00%> (+0.41%)	⬆️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

[dependabot]

Superseded by #1580.