From 6ce58742c39fae69086d0166b933bb056cd1430a Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Tue, 21 Apr 2026 16:58:36 +0000
Subject: [PATCH] chore(deps): update sigstore/cosign-installer action to v4

---
 .github/workflows/bake_targets.yml    | 2 +-
 .github/workflows/update-catalogs.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/bake_targets.yml b/.github/workflows/bake_targets.yml
index 3ae2b68..0782df6 100644
--- a/.github/workflows/bake_targets.yml
+++ b/.github/workflows/bake_targets.yml
@@ -68,7 +68,7 @@ jobs:
 
       # Even if we're testing we sign the images, so we can push them to production later if that's required
       - name: Install cosign
-        uses: sigstore/cosign-installer@398d4b0eeef1380460a10c8013a76f728fb906ac # v3
+        uses: sigstore/cosign-installer@cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003 # v4.1.1
         # See https://github.blog/security/supply-chain-security/safeguard-container-signing-capability-actions/
         # and https://github.com/actions/starter-workflows/blob/main/ci/docker-publish.yml for more details on
         # how to use cosign.
diff --git a/.github/workflows/update-catalogs.yml b/.github/workflows/update-catalogs.yml
index 03e9d5b..fe2d81b 100644
--- a/.github/workflows/update-catalogs.yml
+++ b/.github/workflows/update-catalogs.yml
@@ -47,7 +47,7 @@ jobs:
           args: generate-catalogs --catalogs-dir artifacts/image-catalogs/ export --path artifacts/image-catalogs-extensions/
 
       - name: Install cosign
-        uses: sigstore/cosign-installer@398d4b0eeef1380460a10c8013a76f728fb906ac # v3
+        uses: sigstore/cosign-installer@cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003 # v4.1.1
 
       - name: Sign catalogs
         run: |