Merge pull request #1386 from sigstore/dependabot/github_actions/acti…

…ons-b462159fb5

build(deps): Bump sigstore/cosign-installer from 3.6.0 to 3.7.0 in the actions group

.github/workflows/custom-test.yml

@@ -51,7 +51,7 @@ jobs:
   cosign:
     runs-on: ubuntu-latest
     steps:
-      - uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0
+      - uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0
 
       - name: Download initial root
         run: curl -o root.json ${METADATA_URL}/5.root.json
@@ -78,7 +78,7 @@ jobs:
   cosign-old-version:
     runs-on: ubuntu-latest
     steps:
-      - uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0
+      - uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0
         with:
           cosign-release: "v2.2.0"