chore(deps): bump sigstore/cosign-installer from 3.0.3 to 3.0.5

[dependabot]

Bumps sigstore/cosign-installer from 3.0.3 to 3.0.5.

Release notes

Sourced from sigstore/cosign-installer's releases.

v3.0.5

What's Changed

• download cosign releases from GitHub rather than GCS by @​bobcallaway in sigstore/cosign-installer#126

Full Changelog: sigstore/cosign-installer@v3.0.4...v3.0.5

v3.0.4

• Include fix for sigstore/cosign-installer#124

Commits

• dd6b2e2 download cosign releases from GitHub rather than GCS (#126)
• 8e47e41 add --yes option to cosign sign (#125)
• 87f4580 Remove warning about OIDC signing being experimental (#123)
• 03d0fec Fix unsafe evaluation of inputs.use-sudo (#124)
• 46b5db7 use intermediate environment variables to avoid risks of script injection (#122)
• 84448ba we should rely upon the digests not the tags, typos (#121)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[sonarcloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
No Duplication information

[github-actions]

Go Published Test Results

1 952 tests   1 952 ✔️  2m 35s ⏱️
   118 suites         0 💤
       1 files           0 ❌

Results for commit 41b5d58.

[codecov]

Codecov Report

Patch and project coverage have no change.

Comparison is base (c683ade) 81.64% compared to head (41b5d58) 81.64%.

Additional details and impacted files

@@           Coverage Diff           @@
##           master    #2788   +/-   ##
=======================================
  Coverage   81.64%   81.64%           
=======================================
  Files         133      133           
  Lines       20178    20178           
=======================================
  Hits        16475    16475           
  Misses       2849     2849           
  Partials      854      854           

☔ View full report in Codecov by Sentry.
📢 Do you have feedback about the report comment? Let us know in this issue.

[github-actions]

E2E Tests Published Test Results

    4 files      4 suites   3h 25m 47s ⏱️
  96 tests   83 ✔️   5 💤   8 ❌
396 runs  364 ✔️ 20 💤 12 ❌

For more details on these failures, see this check.

Results for commit 41b5d58.