Bump slsa-framework/slsa-github-generator from 1.5.0 to 1.6.0

[dependabot]

Bumps slsa-framework/slsa-github-generator from 1.5.0 to 1.6.0.

Release notes

Sourced from slsa-framework/slsa-github-generator's releases.

v1.6.0

This is an un-finalized release.

See the CHANGELOG for details.

v1.6.0-rc.3

See the CHANGELOG for details.

v1.6.0-rc.2

See the CHANGELOG for details.

v1.6.0-rc.1

This is an un-finalized pre-release.

See the CHANGELOG for details.

v1.6.0-rc.0

See the CHANGELOG for details.

Changelog

Sourced from slsa-framework/slsa-github-generator's changelog.

v1.6.0

This release includes the first beta release of the Node.js builder. The Node.js builder provides a GitHub Actions reusable workflow that can be called to build a Node.js package, generate SLSA Build L3 compliant provenance, and publish it to the npm registry along with the package.

Summary of changes

Go builder

New Features

• A new prerelease input was added to allow users to create releases marked as prerelease when upload-assets is set to true.
• A new input draft-release was added to allow users to create releases marked as draft when upload-assets is set to true.
• A new output go-provenance-name added which can be used to retrieve the name of the provenance file generated by the builder.

Generic generator

New Features

• A new input draft-release was added to allow users to create releases marked as draft when upload-assets is set to true.

Container generator

The Container Generator was updated to use cosign v2.0.0. No changes to the workflow's inputs or outputs were made.

Commits

• 8ff4f7f chore: Release v1.6.0-rc.3 (#2095)
• 670c38d fix(deps): update module github.com/sigstore/sigstore to v1.6.4 (#1689)
• c04243f fix(deps): update module github.com/in-toto/in-toto-golang to v0.9.0 (#1941)
• a574da8 fix(deps): update npm (#2105)
• af09839 feat: Break out npm publish into separate action (#2108)
• 4c58bbb chore(deps): update npm dev (#2102)
• cd7ad67 fix(deps): update module github.com/sigstore/rekor to v1.1.1 [security] (#2100)
• 652a21b chore(deps): update github/codeql-action action to v2.3.3 (#2101)
• 038b5b3 chore: update sigstore and slsa v1 deps (#2099)
• 5dfe44f feat: byob: secure upload attestation and public download Action (#2096)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)