chore(deps): update dependency sigstore/cosign to v3

.gitea/workflows/artifacthub-metadata.yaml

@@ -20,7 +20,7 @@ jobs:
       with:
         username: ${{ secrets.DOCKER_IO_USERNAME }}
         password: ${{ secrets.DOCKER_IO_PASSWORD }}
-    - uses: oras-project/setup-oras@v2.0.0
+    - uses: oras-project/setup-oras@v1.2.4
       with:
         version: 1.3.2 # renovate: datasource=github-tags depName=oras-project/oras extractVersion='^v?(?<version>.*)$'
     - name: Push artifacthub-repo.yml to git.cryptic.systems

.gitea/workflows/golang-linters.yaml

@@ -26,4 +26,4 @@ jobs:
         go-version: ${{ matrix.go }}
     - uses: golangci/golangci-lint-action@v9.2.0
       with:
-        version: v2.12.2 # renovate: datasource=github-releases depName=golangci/golangci-lint
+        version: v2.12.0 # renovate: datasource=github-releases depName=golangci/golangci-lint

.gitea/workflows/release.yaml

@@ -31,7 +31,7 @@ jobs:
             "https://github.com/anchore/syft/releases/download/v${SYFT_VERSION}/syft_${SYFT_VERSION}_${OS}_${ARCH}.deb"
         dpkg -i syft_${SYFT_VERSION}_${OS}_${ARCH}.deb
         rm syft_${SYFT_VERSION}_${OS}_${ARCH}.deb
-    - uses: volker-raschek/cosign-installer@v4.1.2-rc3
+    - uses: sigstore/cosign-installer@v4.1.1
       with:
         cosign-release: "v3.0.6" # renovate: datasource=github-tags depName=sigstore/cosign
     - uses: docker/setup-qemu-action@v4.0.0
@@ -52,7 +52,7 @@ jobs:
         GITEA_TOKEN: ${{ secrets.GIT_CRYPTIC_SYSTEMS_PACKAGE_REGISTRY_TOKEN }}
         GONOSUMDB: ${{ vars.GONOSUMDB }}
         GOPROXY: ${{ vars.GOPROXY }}
-      uses: goreleaser/goreleaser-action@v7.2.2
+      uses: goreleaser/goreleaser-action@v7.2.1
       with:
         version: v2.15.4 # renovate: datasource=github-releases depName=goreleaser/goreleaser
         args: release --clean

.gitignore

@@ -1,4 +1,3 @@
 dcmerge
-cosign.*
 coverage.*
-dist
+dist