Bump sigstore/gh-action-sigstore-python from 3.0.0 to 3.4.0

[dependabot]

Bumps sigstore/gh-action-sigstore-python from 3.0.0 to 3.4.0.

Release notes

Sourced from sigstore/gh-action-sigstore-python's releases.

v3.4.0

What's Changed

• Used sigstore package version is now 4.3.0
• Other dependency updates

Full Changelog: sigstore/gh-action-sigstore-python@v3.3.0...v3.4.0

v3.3.0

What's Changed

• Dependency updates. Most importantly used sigstore-python is now version 4.2.0

Full Changelog: sigstore/gh-action-sigstore-python@v3.2.0...v3.3.0

v3.2.0

gh-action-sigstore-python action now manages the used Python version internally, improving reliability.

Changed

• Manage Python version internally (#242, #258)
• Dependency updates

v3.1.0

gh-action-sigstore-python is now compatible with Rekor v2 transparency log (but produced signature bundles still contain Rekor v1 entries by default).

Changed

• The action now uses sigstore-python 4.1. All other dependencies are also updated (#220)

Fixed

• Fixed incompatibility with Python 3.14 by upgrading dependencies (#225)

Added

• rekor-version argument was added to control the Rekor transparency log version when signing. The default version in the gh-action-sigstore-python 3.x series will remain 1 (except when using staging: true). (#228)

v3.0.1

Changed

• The minimum Python version supported by this action is now 3.9 (#155)
• The action's Python dependencies are now fully pinned to specific versions (#165)

... (truncated)

Changelog

Sourced from sigstore/gh-action-sigstore-python's changelog.

Changelog

All notable changes to gh-action-sigstore-python will be documented in this file.

The format is based on Keep a Changelog.

All versions prior to 3.0.0 are untracked.

[Unreleased]

[3.2.0]

gh-action-sigstore-python now manages the used Python version internally, improving reliability.

Changed

• Manage Python version internally (#242, #258)
• Dependency updates

[3.1.0]

gh-action-sigstore-python is now compatible with Rekor v2 transparency log (but produced signature bundles still contain Rekor v1 entries by default).

Changed

• The action now uses sigstore-python 4.1. All other dependencies are also updated (#220)

Fixed

• Fixed incompatibility with Python 3.14 by upgrading dependencies (#225)

Added

• rekor-version argument was added to control the Rekor transparency log version when signing. The default version in the gh-action-sigstore-python 3.x series will remain 1 (except when using staging: true). (#228)

[3.0.1]

Changed

• The minimum Python version supported by this action is now 3.9 (#155)

... (truncated)

Commits

• 5b79a39 build(deps): bump sigstore in the python-dependencies group (#408)
• 3d7f17b build(deps): bump idna in the python-dependencies group (#407)
• 2d128b7 build(deps): bump github/codeql-action in the actions group (#405)
• 06882d3 build(deps): bump the python-dependencies group with 3 updates (#406)
• bab6f77 build(deps): bump the actions group across 1 directory with 3 updates (#403)
• f98c429 build(deps): bump securesystemslib in the python-dependencies group (#404)
• db9196e build(deps): bump the python-dependencies group across 1 directory with 3 upd...
• 839093d build(deps): bump certifi from 2026.4.22 to 2026.5.20 in the python-dependenc...
• d9df9da build(deps): bump ast-serialize in the python-dependencies group (#397)
• 2f7a761 build(deps): bump github/codeql-action in the actions group (#395)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)