From ba6853483c848e7eed9f3c859c532e766bb05092 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Thu, 7 May 2026 04:35:36 +0000
Subject: [PATCH] chore(deps): update sigstore/cosign-installer action to v4

---
 .github/workflows/build.yml   | 2 +-
 .github/workflows/release.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index fdd8227..a4d27e0 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -46,7 +46,7 @@ jobs:
           go-version-file: go.mod
           check-latest: true
           cache-dependency-path: "**/*.sum"
-      - uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3.10.0
+      - uses: sigstore/cosign-installer@6f9f17788090df1f26f669e9d70d6ae9567deba6 # v4.1.2
       - uses: anchore/sbom-action/download-syft@f8bdd1d8ac5e901a77a92f111440fdb1b593736b # v0.20.6
       - name: setup-tparse
         run: go install github.com/mfridman/tparse@latest
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index c8d828d..6aa6eb5 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -129,7 +129,7 @@ jobs:
         with:
           node-version: 22
 
-      - uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3.10.0
+      - uses: sigstore/cosign-installer@6f9f17788090df1f26f669e9d70d6ae9567deba6 # v4.1.2
       - name: Confirm cosign installation
         run: cosign version