chore(deps): bump slsa-framework/slsa-github-generator from 1.9.1 to 1.10.0

[dependabot]

Bumps slsa-framework/slsa-github-generator from 1.9.1 to 1.10.0.

Release notes

Sourced from slsa-framework/slsa-github-generator's releases.

v1.10.0

See the CHANGELOG for details.

Changelog

Sourced from slsa-framework/slsa-github-generator's changelog.

v1.10.0

Release [v1.10.0] includes bug fixes and new features.

See the full change list.

v1.10.0: TUF fix

• The cosign TUF roots were fixed (#3350). More details here.

v1.10.0: Gradle Builder

• The Gradle Builder was fixed when the project root is the same as the repository root (#2727)

v1.10.0: Go Builder

• The go-version-file input was fixed so that it can find the go.mod file (#2661)

v1.10.0: Container Generator

• A new provenance-repository input was added to allow reading provenance from a different container repository than the image itself (#2956)

v1.9.0

Release [v1.9.0] includes bug fixes and new features.

See the full change list.

v1.9.0: BYOB framework (beta)

• New: A new framework to turn GitHub Actions into SLSA compliant builders.

v1.9.0: Maven builder (beta)

• New: A Maven builder to build Java projects and publish to Maven central.

v1.9.0: Gradle builder (beta)

• New: A Gradle builder to build Java projects and publish to Maven central.

v1.9.0: JReleaser builder

• New: A JReleaser builder that wraps the official JReleaser Action.

v1.8.0

Release [v1.8.0] includes bug fixes and new features.

... (truncated)

Commits

• c747fe7 chore: Update ref for v1.10.0 release (#3420)
• d97d88e chore: v1.10.0-rc.0 (#3418)
• 6ff2c75 chore: Amend readme text before release (#3402)
• 2cf77fa chore: Revert "fix: remove attestation-name input and output" (#3399)
• 5c347c0 chore: ref builders at main (#3417)
• e4fc9a0 chore: fix release workflow (#3414)
• 6953299 chore: v1.9.1-rc.0 (#3413)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[sonarcloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarCloud

[github-actions]

Go Published Test Results

2 142 tests   2 142 ✅  2m 51s ⏱️
  119 suites      0 💤
    1 files        0 ❌

Results for commit 75f3db9.

[github-actions]

E2E Tests Published Test Results

  4 files    4 suites   3h 42m 37s ⏱️
108 tests  98 ✅  6 💤  4 ❌
442 runs  408 ✅ 24 💤 10 ❌

For more details on these failures, see this check.

Results for commit 75f3db9.