From 3bc6bb38560252c4a1c233f17a4a46d684910e75 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 19 Dec 2023 08:51:54 +0000
Subject: [PATCH] build(deps): bump the ci group with 3 updates

Bumps the ci group with 3 updates: [korthout/backport-action](https://github.com/korthout/backport-action), [docker/metadata-action](https://github.com/docker/metadata-action) and [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer).

Updates `korthout/backport-action` from 2.2.0 to 2.3.0
- [Release notes](https://github.com/korthout/backport-action/releases)
- [Commits](https://github.com/korthout/backport-action/compare/b982d297e31f500652b2246cf26714796312bd23...addffea45a2f0b5682f1d5ba0506f45bc18bf174)

Updates `docker/metadata-action` from 5.3.0 to 5.4.0
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Commits](https://github.com/docker/metadata-action/compare/31cebacef4805868f9ce9a0cb03ee36c32df2ac4...9dc751fe249ad99385a2583ee0d084c400eee04e)

Updates `sigstore/cosign-installer` from 3.2.0 to 3.3.0
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](https://github.com/sigstore/cosign-installer/compare/1fc5bd396d372bee37d608f955b336615edf79c8...9614fae9e5c5eddabb09f90a270fcb487c9f7149)

---
updated-dependencies:
- dependency-name: korthout/backport-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ci
- dependency-name: docker/metadata-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ci
- dependency-name: sigstore/cosign-installer
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ci
...

Signed-off-by: dependabot[bot] <support@github.com>
(cherry picked from commit 76813d8a0d1ab96315e0032585f8753d720152bb)
---
 .github/workflows/backport.yaml | 2 +-
 .github/workflows/release.yml   | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/backport.yaml b/.github/workflows/backport.yaml
index aef0d018..414c8e69 100644
--- a/.github/workflows/backport.yaml
+++ b/.github/workflows/backport.yaml
@@ -20,7 +20,7 @@ jobs:
         with:
           ref: ${{ github.event.pull_request.head.sha }}
       - name: Create backport PRs
-        uses: korthout/backport-action@b982d297e31f500652b2246cf26714796312bd23 # v2.2.0
+        uses: korthout/backport-action@addffea45a2f0b5682f1d5ba0506f45bc18bf174 # v2.3.0
         # xref: https://github.com/korthout/backport-action#inputs
         with:
           # Use token to allow workflows to be triggered for the created PR
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index a64f9aa0..51680957 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -59,7 +59,7 @@ jobs:
           password: ${{ secrets.DOCKER_FLUXCD_PASSWORD }}
       - name: Generate images meta
         id: meta
-        uses: docker/metadata-action@31cebacef4805868f9ce9a0cb03ee36c32df2ac4 # v5.3.0
+        uses: docker/metadata-action@9dc751fe249ad99385a2583ee0d084c400eee04e # v5.4.0
         with:
           images: |
             fluxcd/${{ env.CONTROLLER }}
@@ -79,7 +79,7 @@ jobs:
           platforms: linux/amd64,linux/arm/v7,linux/arm64
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
-      - uses: sigstore/cosign-installer@1fc5bd396d372bee37d608f955b336615edf79c8 # v3.2.0
+      - uses: sigstore/cosign-installer@9614fae9e5c5eddabb09f90a270fcb487c9f7149 # v3.3.0
       - name: Sign images
         env:
           COSIGN_EXPERIMENTAL: 1