ci(deps): bump slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml from 2.0.0 to 2.1.0 by dependabot[bot] · Pull Request #75 · nself-org/cli

dependabot · 2026-04-20T16:11:33Z

Bumps slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml from 2.0.0 to 2.1.0.

Release notes

Sourced from slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml's releases.

v2.1.0

What's Changed

chore: v2.0.0: update tags to v2.0.0 by @ramonpetgrave64 in slsa-framework/slsa-github-generator#3584

fix: use @sigstore/cli in e2e.sign-attestations.schedule.yml by @ramonpetgrave64 in slsa-framework/slsa-github-generator#3572

docs: fix broken links by @suzuki-shunsuke in slsa-framework/slsa-github-generator#3605

chore(setup-go): update actions/setup-go to resolve the warning by @suzuki-shunsuke in slsa-framework/slsa-github-generator#3604

fix: Update release docs by @ramonpetgrave64 in slsa-framework/slsa-github-generator#3589

docs: Add Atsign-Foundation NoPorts to the Hall of Fame by @cpswan in slsa-framework/slsa-github-generator#3616

docs: Add v2.0.0 to SECURITY.md by @ianlewis in slsa-framework/slsa-github-generator#3630

docs: Add links to CHANGELOG by @ianlewis in slsa-framework/slsa-github-generator#3631

ci: fix PR title checker by @ianlewis in slsa-framework/slsa-github-generator#3632

ci: Add issue reopener by @ianlewis in slsa-framework/slsa-github-generator#3629

fix: update softprops/action-gh-release to v2.0.5 by @suzuki-shunsuke in slsa-framework/slsa-github-generator#3619

chore(renovate): use cron syntax for schedule by @rarkins in slsa-framework/slsa-github-generator#3638

chore: Fix Renovate config by @ianlewis in slsa-framework/slsa-github-generator#3635

feat: workflow to update actions dist by @ramonpetgrave64 in slsa-framework/slsa-github-generator#3653

fix(deps): update dependency @sigstore/rekor-types to v2 by @renovate-bot in slsa-framework/slsa-github-generator#3650

chore(deps): update github-actions (major) by @renovate-bot in slsa-framework/slsa-github-generator#3648

fix(deps): update dependency org.json:json to v20231013 [security] by @renovate-bot in slsa-framework/slsa-github-generator#3641

fix(deps): update module github.com/sigstore/cosign/v2 to v2.2.4 [security] by @renovate-bot in slsa-framework/slsa-github-generator#3640

chore(deps): update dependency pathspec to v0.12.1 by @renovate-bot in slsa-framework/slsa-github-generator#3644

fix(deps): update dependency @actions/github to v6 by @renovate-bot in slsa-framework/slsa-github-generator#3649

fix(deps): update module golang.org/x/oauth2 to v0.20.0 by @renovate-bot in slsa-framework/slsa-github-generator#3646

fix(deps): update npm by @renovate-bot in slsa-framework/slsa-github-generator#3647

chore: formatting by @ianlewis in slsa-framework/slsa-github-generator#3655

chore(deps): update github-actions by @renovate-bot in slsa-framework/slsa-github-generator#3642

docs: Add openfga as another user of slsa-github-generator via Github Actions by @aaguiarz in slsa-framework/slsa-github-generator#2950

fix(deps): update dependency org.apache.maven:maven-plugin-api to v3.9.6 by @renovate-bot in slsa-framework/slsa-github-generator#3645

chore: allow Renovate to create new config warning issues by @HonkingGoose in slsa-framework/slsa-github-generator#3662

chore: Fix markdown issues by @ianlewis in slsa-framework/slsa-github-generator#3658

chore(deps): update npm dev by @renovate-bot in slsa-framework/slsa-github-generator#3643

feat: Record vars in SLSA generators by @ianlewis in slsa-framework/slsa-github-generator#3633

chore(deps): update github-actions by @renovate-bot in slsa-framework/slsa-github-generator#3679

fix(deps): update dependency org.apache.maven:maven-plugin-api to v3.9.7 by @renovate-bot in slsa-framework/slsa-github-generator#3680

docs: Remove expected GA for Node.js builder by @ianlewis in slsa-framework/slsa-github-generator#3659

ci: Add formatting pre-submit check by @ianlewis in slsa-framework/slsa-github-generator#3654

fix(deps): update dependency org.apache.maven:maven-plugin-api to v3.9.8 by @renovate-bot in slsa-framework/slsa-github-generator#3712

chore(deps): bump the npm_and_yarn group across 10 directories with 2 updates by @dependabot in slsa-framework/slsa-github-generator#3714

chore(deps): update github-actions by @renovate-bot in slsa-framework/slsa-github-generator#3711

chore(deps): bump the go_modules group with 2 updates by @dependabot in slsa-framework/slsa-github-generator#3715

chore: slsa-verifier v2.6.0: Update action.yml by @ramonpetgrave64 in slsa-framework/slsa-github-generator#3736

fix: Update maven helper plugin build by @loosebazooka in slsa-framework/slsa-github-generator#3746

fix: maven e2e: remove verify job by @ramonpetgrave64 in slsa-framework/slsa-github-generator#3748

chore(deps): update github-actions by @renovate-bot in slsa-framework/slsa-github-generator#3753

chore(deps): bump github.com/docker/docker from 24.0.9+incompatible to 25.0.6+incompatible in the go_modules group by @dependabot in slsa-framework/slsa-github-generator#3760

chore(config): migrate renovate config by @renovate-bot in slsa-framework/slsa-github-generator#3774

chore(deps): update dependency org.apache.maven.plugins:maven-javadoc-plugin to v3.10.1 by @renovate-bot in slsa-framework/slsa-github-generator#3758

chore(deps): update dependency org.apache.maven.plugins:maven-deploy-plugin to v3.1.3 by @renovate-bot in slsa-framework/slsa-github-generator#3820

chore(deps): update dependency org.apache.maven.plugins:maven-gpg-plugin to v3.2.5 by @renovate-bot in slsa-framework/slsa-github-generator#3757

fix(deps): update npm by @renovate-bot in slsa-framework/slsa-github-generator#3754

... (truncated)

Changelog

Sourced from slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml's changelog.

v2.1.0

v2.1.0: Sigstore Bundles for Generic Generator and Go Builder

The workflows generator_generic_slsa3.yml and builder_go_slsa3.yml have been updated to produce signed Sigstore Bundles, just like all the other builders that use the BYOB framework.

The workflow logs will now print a LogIndex, rather than a LogUUID. Both are equally searchanble on https://search.sigstore.dev/.

v2.1.0: Vars context recorded in provenance

Updated: GitHub vars context is now recorded in provenance for the generic and container generators. The vars context cannot affect the build in the Go builder so it is not recorded.

Commits

f7dd8c5 update the ref in the pre-submit
0a5124b fix jq for the sigstore bundles
fbeecf0 update docs
f701310 update workflows
3618598 v2.1.0-rc.3
46f81fc chore: update refs to v2.1.0-rc.1 (#4120)
5d20c93 chore: use builder tag v2.1.0-rc.0 (#4118)
e27b237 chore: braces and ejs vulns (#4116)
8967e1c chore: Update CODEOWNERS (#4115)
47d1954 chore: update octokit deps (#4114)
Additional commits viewable in compare view

dependabot · 2026-04-20T16:11:34Z

Labels

The following labels could not be found: dependencies, github-actions. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

…/generator_generic_slsa3.yml Bumps [slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml](https://github.com/slsa-framework/slsa-github-generator) from 2.0.0 to 2.1.0. - [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases) - [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md) - [Commits](slsa-framework/slsa-github-generator@v2.0.0...v2.1.0) --- updated-dependencies: - dependency-name: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml dependency-version: 2.1.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

vercel · 2026-05-03T17:23:26Z

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
cli	Ready	Preview, Comment	May 3, 2026 5:23pm

dependabot Bot force-pushed the dependabot/github_actions/slsa-framework/slsa-github-generator/dot-github/workflows/generator_generic_slsa3.yml-2.1.0 branch from 40e2fc4 to 86a83b7 Compare May 3, 2026 17:23

vercel Bot deployed to Preview May 3, 2026 17:23 View deployment

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

ci(deps): bump slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml from 2.0.0 to 2.1.0#75

ci(deps): bump slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml from 2.0.0 to 2.1.0#75
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/slsa-framework/slsa-github-generator/dot-github/workflows/generator_generic_slsa3.yml-2.1.0

dependabot Bot commented on behalf of github Apr 20, 2026 •

edited

Loading

Uh oh!

dependabot Bot commented on behalf of github Apr 20, 2026

Uh oh!

vercel Bot commented May 3, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Uh oh!

Conversation

dependabot Bot commented on behalf of github Apr 20, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v2.1.0

What's Changed

v2.1.0

v2.1.0: Sigstore Bundles for Generic Generator and Go Builder

v2.1.0: Vars context recorded in provenance

Uh oh!

dependabot Bot commented on behalf of github Apr 20, 2026

Labels

Uh oh!

vercel Bot commented May 3, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot Bot commented on behalf of github Apr 20, 2026 •

edited

Loading

vercel Bot commented May 3, 2026 •

edited

Loading