Bump slsa-framework/slsa-verifier from 2.7.0 to 2.7.1 #2113

dependabot · 2025-06-30T02:53:36Z

Bumps slsa-framework/slsa-verifier from 2.7.0 to 2.7.1.

Release notes

Sourced from slsa-framework/slsa-verifier's releases.

v2.7.1

What's Changed

chore: Update docs for v2.7.0 by @ramonpetgrave64 in slsa-framework/slsa-verifier#829

docs(npm): "exmaple" spelling fix by @scop in slsa-framework/slsa-verifier#832

chore: update test files for v2.1.0 by @ramonpetgrave64 in slsa-framework/slsa-verifier#836

feat: verify provenance for bcr modules produced by trusted reusable workflows by @loosebazooka in slsa-framework/slsa-verifier#840

chore(deps): update golang:1.23 docker digest to cc458d7 by @renovate-bot in slsa-framework/slsa-verifier#838

fix: less parallelism in tests by @ramonpetgrave64 in slsa-framework/slsa-verifier#851

chore(deps): bump @octokit/request-error from 5.0.1 to 5.1.1 in /actions/installer in the npm_and_yarn group across 1 directory by @dependabot in slsa-framework/slsa-verifier#833

chore(deps): bump github.com/go-jose/go-jose/v4 from 4.0.4 to 4.0.5 in the go_modules group by @dependabot in slsa-framework/slsa-verifier#835

chore(deps): bump the go_modules group across 1 directory with 2 updates by @dependabot in slsa-framework/slsa-verifier#853

fix(deps): update npm by @renovate-bot in slsa-framework/slsa-verifier#843

fix(deps): update golang.org/x/exp digest to dcc06ee by @renovate-bot in slsa-framework/slsa-verifier#839

fix: no parallel regression tests by @ramonpetgrave64 in slsa-framework/slsa-verifier#855

chore(deps): update golang:1.23 docker digest to dd5cc4b by @renovate-bot in slsa-framework/slsa-verifier#847

chore(deps): update gcr.io/distroless/base:nonroot docker digest to 0a0dc20 by @renovate-bot in slsa-framework/slsa-verifier#844

chore(deps): bump the npm_and_yarn group across 2 directories with 5 updates by @dependabot in slsa-framework/slsa-verifier#854

feat: Bazel not experimental by @ramonpetgrave64 in slsa-framework/slsa-verifier#850

docs: add section for verify-github-attestation by @loosebazooka in slsa-framework/slsa-verifier#858

New Contributors

@scop made their first contribution in slsa-framework/slsa-verifier#832

@loosebazooka made their first contribution in slsa-framework/slsa-verifier#840

Full Changelog: slsa-framework/slsa-verifier@v2.7.0...v2.7.1

v2.7.1-rc.2

What's Changed

chore(deps): update golang:1.23 docker digest to cc458d7 by @renovate-bot in slsa-framework/slsa-verifier#838

fix: less parallelism in tests by @ramonpetgrave64 in slsa-framework/slsa-verifier#851

chore(deps): bump @octokit/request-error from 5.0.1 to 5.1.1 in /actions/installer in the npm_and_yarn group across 1 directory by @dependabot in slsa-framework/slsa-verifier#833

chore(deps): bump github.com/go-jose/go-jose/v4 from 4.0.4 to 4.0.5 in the go_modules group by @dependabot in slsa-framework/slsa-verifier#835

chore(deps): bump the go_modules group across 1 directory with 2 updates by @dependabot in slsa-framework/slsa-verifier#853

fix(deps): update npm by @renovate-bot in slsa-framework/slsa-verifier#843

fix(deps): update golang.org/x/exp digest to dcc06ee by @renovate-bot in slsa-framework/slsa-verifier#839

fix: no parallel regression tests by @ramonpetgrave64 in slsa-framework/slsa-verifier#855

chore(deps): update golang:1.23 docker digest to dd5cc4b by @renovate-bot in slsa-framework/slsa-verifier#847

chore(deps): update gcr.io/distroless/base:nonroot docker digest to 0a0dc20 by @renovate-bot in slsa-framework/slsa-verifier#844

chore(deps): bump the npm_and_yarn group across 2 directories with 5 updates by @dependabot in slsa-framework/slsa-verifier#854

feat: Bazel not experimental by @ramonpetgrave64 in slsa-framework/slsa-verifier#850

docs: add section for verify-github-attestation by @loosebazooka in slsa-framework/slsa-verifier#858

Full Changelog: slsa-framework/slsa-verifier@v2.7.1-rc.1...v2.7.1-rc.2

v2.7.1-rc.1

What's Changed

chore: Update docs for v2.7.0 by @ramonpetgrave64 in slsa-framework/slsa-verifier#829

docs(npm): "exmaple" spelling fix by @scop in slsa-framework/slsa-verifier#832

chore: update test files for v2.1.0 by @ramonpetgrave64 in slsa-framework/slsa-verifier#836

... (truncated)

Commits

ea584f4 docs: add section for verify-github-attestation (#858)
2950204 feat: Bazel not experimental (#850)
08d54ab chore(deps): bump the npm_and_yarn group across 2 directories with 5 updates ...
09889f2 chore(deps): update gcr.io/distroless/base:nonroot docker digest to 0a0dc20 (...
7135755 chore(deps): update golang:1.23 docker digest to dd5cc4b (#847)
4f28a95 fix: no parallel regression tests (#855)
1595a06 fix(deps): update golang.org/x/exp digest to dcc06ee (#839)
e0b3ab7 fix(deps): update npm (#843)
b02ea50 chore(deps): bump the go_modules group across 1 directory with 2 updates (#853)
f6be75a chore(deps): bump github.com/go-jose/go-jose/v4 from 4.0.4 to 4.0.5 in the go...
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [slsa-framework/slsa-verifier](https://github.com/slsa-framework/slsa-verifier) from 2.7.0 to 2.7.1. - [Release notes](https://github.com/slsa-framework/slsa-verifier/releases) - [Changelog](https://github.com/slsa-framework/slsa-verifier/blob/main/RELEASE.md) - [Commits](slsa-framework/slsa-verifier@v2.7.0...v2.7.1) --- updated-dependencies: - dependency-name: slsa-framework/slsa-verifier dependency-version: 2.7.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added dependencies github_actions Pull requests that update Github_actions code labels Jun 30, 2025

brandonmichigangithub approved these changes Jul 14, 2025

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump slsa-framework/slsa-verifier from 2.7.0 to 2.7.1 #2113

Bump slsa-framework/slsa-verifier from 2.7.0 to 2.7.1 #2113

Uh oh!

dependabot bot commented on behalf of github Jun 30, 2025

Uh oh!

Uh oh!

Bump slsa-framework/slsa-verifier from 2.7.0 to 2.7.1 #2113

Are you sure you want to change the base?

Bump slsa-framework/slsa-verifier from 2.7.0 to 2.7.1 #2113

Uh oh!

Conversation

dependabot bot commented on behalf of github Jun 30, 2025

v2.7.1

What's Changed

New Contributors

v2.7.1-rc.2

What's Changed

v2.7.1-rc.1

What's Changed

Uh oh!

Uh oh!