Bump slsa-framework/slsa-github-generator from 1.4.0 to 1.5.0

[dependabot]

Bumps slsa-framework/slsa-github-generator from 1.4.0 to 1.5.0.

Release notes

Sourced from slsa-framework/slsa-github-generator's releases.

v1.5.0

See the CHANGELOG for details.

v1.5.0-rc.0

See the CHANGELOG for details.

Changelog

Sourced from slsa-framework/slsa-github-generator's changelog.

v1.5.0

Summary of changes

Go builder

New Features

• A new upload-tag-name input was added to allow users to specify the tag name for the release when upload-assets is set to true.
• The environment variables included in provenance output were changed to include only those variables that are specified by the user in the slsa-goreleaser.yml configuration file in order to improve reproducibility. See #822 for more information and background.

Generic generator

New Features

• A new boolean continue-on-error input was added which, when set to true, prevents the workflow from failing when a step fails. If set to true, the result of the reusable workflow will be return in the outcome output.
• A new upload-tag-name input was added to allow users to specify the tag name for the release when upload-assets is set to true.

Container generator

New Features

• A new boolean continue-on-error input was added which, when set to true, prevents the workflow from failing when a step fails. If set to true, the result of the reusable workflow will be return in the outcome output.
• A new repository-username secret input was added to allow users to pass their repository username that is stored in a Github Actions encrypted secret. This secret input should only be used for high-entropy registry username values such as AWS Access Key.
• Support was added for authenticating with Google Artifact Registry and Google Container Registry using Workload Identity Federation. Users can use this new feature by using the gcp-workload-identity-provider and gcp-service-account inputs

Commits

• 7f4fdb8 chore: Release v1.5.0 (#1693)
• ad5c0dd chore: Release 1.5.0-rc.0 (#1649)
• 1ab4b3f docs: Add note about registry username secret to docs (#1659)
• 478820e feat: Update nodejs builder to use BYOB (#1667)
• 4ed6a51 refactor: Refactor verify-token validation (#1660)
• 9a60e24 docs: Fix link reference in CONTRIBUTING.md (#1672)
• 155137a fix: Add verify subcommand (#1621)
• 63be127 fix: public-good-instance.json workaround (#1670)
• d9ef051 chore: Disable comments-indentation for yamllint (#1671)
• b7a34a6 docs: Update CONTRIBUTING (#1666)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)